XML error at ampersand (&)

Question

I have a php file which prints an xml based on a MySql db.

I get an error every time at exactly the point where there is an & sign.

Here

Answer 1

public function sanitize(string $data) {
    return str_replace('&', '&', $data);
}

You are right: here is more context - the example is in relation to the ' how to deal with data containing '&' when we pass this data to SimpleXml. Of course there is also other solution to use <![CDATA[some stuff]]>

Answer 2

& in XML starts an entity. As you haven't defined an entity &WhateverIsAfterThat an error is thrown. You should escape it with &.

$string = str_replace('&', '&', $string);

How do I escape ampersands in XML

To escape the other reserved characters:

function xmlEscape($string) {
    return str_replace(array('&', '<', '>', '\'', '"'), array('&amp;', '&lt;', '&gt;', '&apos;', '&quot;'), $string);
}

Answer 3

Switch and regex with using xml escape function.

 function XmlEscape(str) {
    if (!str || str.constructor !== String) {
        return "";
    }

    return str.replace(/[\"&><]/g, function (match) {
        switch (match) {
        case "\"":
            return "&quot;";
        case "&":
            return "&amp;";
        case "<":
            return "&lt;";
        case ">":
            return "&gt;";
        }
    });
};

Answer 4

You need to either turn & into its entity &, or wrap the contents in CDATA tags.

If you choose the entity route, there are additional characters you need to turn into entities:

>  >
<  &lt;
'  &apos;
"  &quot;

Background: Beware of the ampersand when using XML

Wikipedia: List of XML character entity references

Answer 5

$string = htmlspecialchars($string,ENT_XML1);

is the most universal way to solve all encoding errors (IMHO better that write custom functions + there is no point to solve just &).

Credit: Put Wrikken's and joshweir's comment as answer to be more visible.