Here is my code:
\');
$pro
My solution to this is specifically creating a text node, which makes sure absolutely everything is escaped properly:
$cell = $dom->createElement('td');
$cell->appendChild($dom->createTextNode($value));
This correctly encodes the & < > and "" ''
$parent->addChild($name, htmlspecialchars($value));
The correct form is:
$product->addchild('image_url',htmlspecialchars($row['imag_url']));
Try changing:
$product->addchild('image_url','$row[imag_url]');
To
$product->addchild('image_url',"{$row['imag_url']}");
OR
$product->addchild('image_url',$row['imag_url']);
EDIT: wrap quotes round image_url too, courtesy Barrmar
SimpleXMLElement is actually a system resource which behaves like an object, which makes working with loops tricky. So when trying to add new child elements, instead of this:
$product->addchild('element', $value);
do this:
$product->element = $value;
Or you can use htmlspecialchars() to escape HTML characters.
Note: mysql_* is deprecated as of php-5.5 and removed as of php-7. So instead use mysqli_* or PDO.
Why shouldn't I use mysql_* functions in PHP?
If you use the new created node you can set the value by accessing {0} property. This should escape any special characters.
$childNode = $parent->addChild($name);
// [0] offset: the {0} curly-brace form is a parse error as of PHP 8
$childNode[0] = $value;
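
Added example (not code from any of the answers above): it writes one constructed value containing &, <, > and quotes with each approach mentioned on this page, then reparses the serialized document to check whether the value survived unchanged. The sample value and the element names are assumptions; addChild() does not escape & in its value argument, which is why the raw call is included for comparison.

```php
<?php
// Constructed sample value standing in for $row['imag_url'] (assumption).
$value = 'http://shop.example/img.php?id=7&size=2 <large> "a" \'b\'';

// Collect warnings instead of printing them, so each method's complaints can be shown.
$warnings = [];
set_error_handler(function (int $no, string $msg) use (&$warnings) {
    $warnings[] = $msg;
    return true;
});

$root = new SimpleXMLElement('<products/>');
$product = $root->addChild('product');

// One writer per approach; the array key is the (hypothetical) element name it creates.
$writers = [
    'raw'      => fn() => $product->addChild('raw', $value),
    'escaped'  => fn() => $product->addChild(
        'escaped', htmlspecialchars($value, ENT_XML1 | ENT_QUOTES, 'UTF-8')),
    'assigned' => fn() => $product->assigned = $value,
    'indexed'  => function () use ($product, $value) {
        $child = $product->addChild('indexed');
        $child[0] = $value;
    },
    'textnode' => function () use ($product, $value) {
        $node = dom_import_simplexml($product);
        $cell = $node->ownerDocument->createElement('textnode');
        $cell->appendChild($node->ownerDocument->createTextNode($value));
        $node->appendChild($cell);
    },
];

$seen = [];
foreach ($writers as $tag => $write) {
    $warnings = [];
    $write();
    $seen[$tag] = $warnings;
}
restore_error_handler();

// Reparse the serialized document and compare each element's text with the input.
$reparsed = simplexml_load_string($root->asXML());
foreach (array_keys($writers) as $tag) {
    $ok = ((string) $reparsed->product->$tag === $value);
    printf("%-9s round-trips: %-3s %s\n", $tag, $ok ? 'yes' : 'NO', implode('; ', $seen[$tag]));
}
```

Run it with the PHP CLI (7.4 or later, with the simplexml and dom extensions); any row marked NO means that approach altered or lost the value, and the captured warning text is printed beside it.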