0

I have an API to get places.

Using web browser, it shows:

<placeID>5</placeID>
<placeName>!@#$%&*?/_"'()-+;</placeName>
<rating>0</rating>
<categoryID>2</categoryID>
</place>

Using HttpGet and outputing to console, it shows:

<place>
<placeID>5</placeID>
<placeName>!@#$%&amp;*?/_&quot;'()-+;</placeName>
<rating>0</rating>
<categoryID>2</categoryID>
</place>

Displaying placeName on Android, it shows !@#$%

I store raw string in database and use htmlspecialchars($placeName) in the API.

The problem is the same with ?~=\^[]{}&lt;&gt;:);):(:'(:o:P:$:S, it becomes ?~=\^[]{}&lt;&gt;:);):(:'(:o:P:$:S in console and ?~=\^[]{} on Android.

I want to show all the special characters on Android just like it is stored in database.

emeraldhieu
  • 9,380
  • 19
  • 81
  • 139
  • see this may help you http://stackoverflow.com/a/10000095/1289716 – MAC Jul 28 '12 at 09:45
  • Why are you encoding with `htmlspecialchars()` before you store in the database? – Adi Jul 28 '12 at 10:10
  • @Adnan: No, I store the raw string "!@#$%&*?/_"'()-+;" in DB. Before showing it in XML, I use htmlspecialchars(). – emeraldhieu Jul 28 '12 at 10:57
  • @Emerald214, and why are you doing that? – Adi Jul 28 '12 at 11:08
  • Read Pixor's answer >>> http://stackoverflow.com/questions/1970880/store-html-entities-in-database-or-convert-when-retrieved?lq=1 – emeraldhieu Jul 28 '12 at 11:13
  • But if I understand your question correctly, your client (the "viewing medium") isn't a web browser, so HTML special characters don't mean anything to your client, they're just strings and won't be understood as something potentially harmful. Unless of course you're building your Android app with web technologies (HTML, Javascript, CSS..) – Adi Jul 28 '12 at 11:32

1 Answers1

1

The web browser is showing you the first result (unescaped) because it's converting the &amp; to & for display. If you do "View Source" in your browser you will see that it's actually &amp; just like with HttpGet. That is exactly what you want happening; what you see in the console is correct.

That said, you shouldn't be having any problems just outputting that string in Android, since it's clearly escaped properly. So, the problem is most likely in your parser, like in this thread: Android SAX parser not getting full text from between tags

Even if you're not using SAXParser, your parsing code is where you should look for a problem at this point, not at the data coming in.

Just to be safe, try also using the ENT_QUOTES flag with htmlspecialchars in your API, although that doesn't seem to be the problem in this specific case.

I should also mention that once you get that problem solved, depending on how you're displaying the text on Android it may show up escaped like in console, where you see things like &amp; instead of &. If that's the case, you will need to then decode the string from the XML like in this thread: Java: How to unescape HTML character entities in Java?

Community
  • 1
  • 1
ben
  • 488
  • 3
  • 11
  • I traverse XML using Element, Node and NodeList of org.w3c.dom package. In Java's console, it shows "!@#$%&*?/_"'()-+;". In Android logcat it shows "!@#$%". Could you help me? – emeraldhieu Jul 30 '12 at 03:46
  • 1
    Without seeing your parsing code there's nothing else I can help with. If you're still in the initial stages of development, I recommend modifying your API to output JSON instead of (or in addition to) XML, as you won't run into problems like this if you use JSONObject. – ben Aug 01 '12 at 16:57
  • Your solution and this http://stackoverflow.com/questions/11716147/why-dom-library-remove-the-escaped-special-character solved my problem. Because of your advice, I focused on the parsing code and ask a question about it. Thank you, I'll take your recommendation for the next project. – emeraldhieu Aug 02 '12 at 01:43