How to handle double quotes in string before XPath evaluation?

Question

In the function below, when string in $keyword contains double quotes, it does create a \"Warning: DOMXPath::evaluate(): Invalid expression\":

$keyw         


        

Answer 1

To escape the string delimiters in XPath 2.0 string literals you need to replace each single delimiter by two, so " needs to be replaced by "":

[74]      StringLiteral      ::=      ('"' (EscapeQuot | [^"])* '"') | ("'" (EscapeApos | [^'])* "'") /* ws: explicit */
[75]      EscapeQuot     ::=      '""'
[76]      EscapeApos     ::=      "''"

I’m not sure if there already is a function to do that but you can use this function:

function xpath_quote($str, $quotation='"') {
    if ($quotation != '"' && $quotation != "'") return false;
    return str_replace($quotation, $quotation.$quotation, $str);
}

And the usage:

'boolean(/html/body//'.$heading.'[contains(.,"'.xpath_quote($keyword).'")])'

Answer 2

PHP has Xpath 1.0, if you have a string with double and single quotes, a workaround is using the Xpath concat() function. A helper function can decide when to use what. Example/Usage:

xpath_string('I lowe "double" quotes.');
// xpath:    'I lowe "double" quotes.'

xpath_string('It\'s my life.');
// xpath:    "It's my life."

xpath_string('Say: "Hello\'sen".');
// xpath:    concat('Say: "Hello', "'", "'sen".')

The helper function:

/**
 * xpath string handling xpath 1.0 "quoting"
 *
 * @param string $input
 * @return string
 */
function xpath_string($input) {

    if (false === strpos($input, "'")) {
        return "'$input'";
    }

    if (false === strpos($input, '"')) {
        return "\"$input\"";
    }

    return "concat('" . strtr($input, array("'" => '\', "\'", \'')) . "')";
}