发表新帖
发表新帖

Generating XML document in PHP (escape characters)

前端 未结
关注
10 889
难免孤独
难免孤独 2020-11-27 04:20

I\'m generating an XML document from a PHP script and I need to escape the XML special characters. I know the list of characters that should be escaped; but what is the corr

相关标签:
10条回答
  • 伪装坚强ぢ
    2020-11-27 05:03

    Proper escaping is the way to get correct XML output but you need to handle escaping differently for attributes and elements. (That is Tomas' answer is incorrect).

    I wrote/stole some Java code a while back that differentiates between attribute and element escaping. The reason is that the XML parser considers all white space special particularly in attributes.

    It should be trivial to port that over to PHP (you can use Tomas Jancik's approach with the above appropriate escaping). You don't have to worry about escaping extended entities if your using UTF-8.

    If you don't want to port my Java code you can look at XMLWriter which is stream based and uses libxml so it should be very efficient.

    0 讨论(0)
  • 暖寄归人
    2020-11-27 05:08

    Use the DOM classes to generate your whole XML document. It will handle encodings and decodings that we don't even want to care about.

    Edit: This was criticized by @Tchalvak:

    The DOM object creates a full XML document, it doesn't easily lend itself to just encoding a string on it's own.

    Which is wrong, DOMDocument can properly output just a fragment not the whole document:

    $doc->saveXML($fragment);

    which gives:

    Test &amp; <b> and encode </b> :)
Test &amp;amp; &lt;b&gt; and encode &lt;/b&gt; :)

    as in:

    $doc = new DOMDocument();
$fragment = $doc->createDocumentFragment();

// adding XML verbatim:
$xml = "Test &amp; <b> and encode </b> :)\n";
$fragment->appendXML($xml);

// adding text:
$text = $xml;
$fragment->appendChild($doc->createTextNode($text));

// output the result
echo $doc->saveXML($fragment);

    See Demo

    0 讨论(0)
  • 春和景丽
    2020-11-27 05:11

    What about the htmlspecialchars() function?

    htmlspecialchars($input, ENT_QUOTES | ENT_XML1, $encoding);

    Note: the ENT_XML1 flag is only available if you have PHP 5.4.0 or higher.

    htmlspecialchars() with these parameters replaces the following characters:

    • & (ampersand) becomes &amp;
    • " (double quote) becomes &quot;
    • ' (single quote) becomes &apos;
    • < (less than) becomes &lt;
    • > (greater than) becomes &gt;

    You can get the translation table by using the get_html_translation_table() function.

    0 讨论(0)
  • 暖寄归人
    2020-11-27 05:11 
     function replace_char($arr1)
 {
  $arr[]=preg_replace('>','&gt', $arr1); 
  $arr[]=preg_replace('<','&lt', $arr1);
  $arr[]=preg_replace('"','&quot', $arr1);
  $arr[]=preg_replace('\'','&apos', $arr1);
  $arr[]=preg_replace('&','&amp', $arr1);

  return $arr;
  }
    0 讨论(0)
 看不清?
提交回复
热议问题