Escaping XML Reserved Characters in PHP

Home

Blog

Tech Stuff

Sunday, 15 February 2009 15:06

I just stumbled across this function in some of my old PHP code and since I replied to an issue on the Joomla! forums only the other day about this same thing, I thought I'd post it here seeing that I have a couple of notes about XHTML already on this site:

function xmlspecialchars($text) {
   return str_replace('&#039;', '&apos;', htmlspecialchars($text, ENT_QUOTES));
}

I don't remember if I read through the XML specs and wrote this myself or whether I just found it somewhere, but I have a feeling I checked it all out at the time and I think this covers all the necessary escaping for XHTML...please somebody let me know if I'm mistaken!

Last Updated on Thursday, 10 September 2009 02:16

Comments

RE: Escaping XML Reserved Characters in PHP from http://matthiasvdh.myopenid.com/ on Wed. Mar 24, 2010 reply

The function htmlspecialchars() is useful to convert any string into something that won't upset the browser if put in X(HT)ML tags. Also, you can safely use the output as a value for an attribute (converting the single and double quotes makes sure it will output valid HTML).

However, it might run into issues if you use the value as a form action, as you do on the Joomla! forum. The attribute 'action' expects a URI, so you might need to urlencode some parts of the string to make it valid.

As for the str_replace in your code: it replaces the decimal code for a single quote, to the HTML entity '. Unofrtunately, the latter is not supported by Internet Explorer. Drop the replacement and the code will work fine.

OpenID

</div>
  <fieldset style="border: none; background: none; padding: 0px; margin: 0px;">
  <input type="hidden" id="option" name="option" value="com_rdf"/>
  <input type="hidden" id="task" name="task" value="postRDF"/>
  <input type="hidden" id="view" name="view" value="semanix"/>
  <input type="hidden" id="layout" name="layout" value="session"/>
  <input type="hidden" id="return" name="return" value="http://willdaniels.co.uk/blog/tech-stuff/18-escaping-xml-reserved-characters-in-php#comment4c53a4f8e44e1"/>
  <input type="hidden" id="rdf_graph_is" name="rdf_graph[is]" value="urn:/localstore/joomla/sioc"/>
  <input type="hidden" id="rdf_parent_is" name="rdf_parent[is]" value="http://willdaniels.co.uk/component/content/article/18-escaping-xml-reserved-characters-in-php"/>
  <input type="hidden" id="rdf_base_is" name="rdf_base[is]" value="http://willdaniels.co.uk/component/content/article/18-escaping-xml-reserved-characters-in-php#"/>
  <input type="hidden" id="rdf_this_is" name="rdf_this[is]" value=":comment4c53a4f8e44e1"/>
  <input type="hidden" id="rdf_this_rdf:type" name="rdf_this[rdf:type]" value="sioc:Post, sioctype:Comment"/>
  <input type="hidden" id="rdf_this_dc:date" name="rdf_this[dc:date]" value="?date"/>
  <input type="hidden" id="rdf_this_dc:title" name="rdf_this[dc:title]" value="comment-title"/>
  <input type="hidden" id="rdf_this_sioc:ip_address" name="rdf_this[sioc:ip_address]" value="?ip"/>
  <input type="hidden" id="rdf_this_sioc:reply_of" name="rdf_this[sioc:reply_of]" value="parent"/>
  <input type="hidden" id="rdf_this_sioc:content" name="rdf_this[sioc:content]" value="comment"/>
  <input type="hidden" id="rdf_this_sioc:has_creator" name="rdf_this[sioc:has_creator]" value="?user"/>
  <input type="hidden" id="rdf_-user_sioc:creator_of" name="rdf_?user[sioc:creator_of]" value="this"/>
  <input type="hidden" id="rdf_parent_sioc:has_reply" name="rdf_parent[sioc:has_reply]" value="this"/>
  <input type="hidden" name="7a24236e202127c7819b1fa3ca017e9b" value="1"/>
  </fieldset>
<fieldset style="border:none; background:none; padding:0; margin:0;"/></form>

</div>
		</div>

<div id="ja-col1">
					<div class="moduletable_menu">
					<h3>Main Menu</h3>
					<ul class="menu"><li><a href="http://willdaniels.co.uk/"><span>Home</span></a></li><li class="parent"><a href="/blog"><span>Blog</span></a><ul><li><a href="/blog/tech-stuff"><span>Tech Stuff</span></a></li><li><a href="/blog/greek"><span>Greek</span></a></li></ul></li><li><a href="/projects"><span>Projects</span></a></li><li class="parent"><a href="/articles"><span>Articles</span></a><ul><li><a href="/articles/howto-guides"><span>HowTo Guides</span></a></li></ul></li><li class="parent"><a href="/reference"><span>Reference</span></a><ul><li><a href="/reference/rdf-vocabulary"><span>RDF Vocabulary</span></a></li></ul></li><li class="parent"><a href="/about"><span>About</span></a><ul><li><a href="/about/biography"><span>Biography</span></a></li><li><a href="/about/profiles"><span>Profiles</span></a></li></ul></li><li><a href="/contact"><span>Contact</span></a></li></ul>		</div>
			<div class="moduletable">
					<h3>identi.ca</h3>
					<p style="padding-top: 0px; margin-top: 0px;">Social networking at <a href="http://identi.ca/wdaniels">identi.ca</a> - an open source improvement on twitter!</p>
<script type="text/javascript" src="/includes/js/identica-badge-xhtml.js">
{
  "user":"wdaniels",
  "server":"identi.ca",
  "headerText":" and friends",
  "width":"100%",
  "headerBackground":"#333333",
  "background":"#ececec"
}
</script>		</div>
	
		</div><br/>
		
		
		</div>

<div id="ja-col2">
					<div class="jamod module" id="Mod21">
			<div>
				<div>
					<div>
																		<h3 class="show"><span>Related Items</span></h3>
												<div class="jamod-content"><ul class="relateditems">
<li>
	<a href="/articles/howto-guides/6-php-svn">
				HowTo: Install PHP Subversion Extension In Ubuntu</a>
</li>
<li>
	<a href="/blog/tech-stuff/9-serving-xhtml-content-with-joomla">
				Serving XHTML Content With Joomla!</a>
</li>
<li>
	<a href="/articles/howto-guides/11-xhtml-adsense">
				HowTo: Do AdSense In XHTML</a>
</li>
<li>
	<a href="/blog/tech-stuff/22-xhtmlrdfa-valid">
				XHTML+RDFa Valid</a>
</li>
<li>
	<a href="/articles/howto-guides/24-w3counter-xhtml">
				HowTo: Make W3Counter Work In XHTML</a>
</li>
<li>
	<a href="/blog/tech-stuff/25-sample-mathml-content">
				Sample MathML Content</a>
</li>
<li>
	<a href="/blog/tech-stuff/26-identica-badge-xhtml">
				Hacking on the identi.ca Badge Script</a>
</li>
</ul>
</div>
					</div>
				</div>
			</div>
		</div>
			<div class="jamod module" id="Mod25">
			<div>
				<div>
					<div>
																		<h3 class="show"><span>Sponsorship</span></h3>
												<div class="jamod-content">Visitors are kindly requested to give the advertisements at least a cursory glance.</div>
					</div>
				</div>
			</div>
		</div>
			<div class="jamod module" id="Mod22">
			<div>
				<div>
					<div>
																		<h3 class="show"><span>Google Ads</span></h3>
												<div class="jamod-content"><div style="text-align: center;"><object width="160" height="600" data="/includes/adsense-vert-w.php" type="text/html"/></div></div>
					</div>
				</div>
			</div>
		</div>
	
		</div><br/>
		
		
	</div>
	</div>
</div>
</div>

<div id="ja-botslwrap">
	<div id="ja-botsl" class="clearfix">

<div class="ja-box-full" style="width: 99%;">
					<div class="moduletable">
					
<a id="w3counter" href="http://www.w3counter.com"/>
<script type="text/javascript" src="/includes/js/w3counter.js"/>
<script type="text/javascript">w3counter(26187);</script>
		</div>
	
	  </div>
	  
	  
	  
	  
	</div>
</div>

<div id="ja-footerwrap">
<div id="ja-footer" class="clearfix">

</div>

</div>

</body>

</html>