I have a form where I'm trying to ensure I'm handling special characters. One of the fields in the form is Title, defined in the form as input type='text'. The value entered into it as a test is something like (Ann & Andy's First "Test" Pic). For clarity, the entered text is only what is inside the brackets, and does not include the brackets.

I post the Title into a variable as follows:

```php
if (isset($_POST["submitupdate"])) {
    $form_title = htmlspecialchars($_POST["title"], ENT_QUOTES, 'UTF-8');
}
```

At the end of the process I write the value in $form_title to an XML node:

```php
$xml = simplexml_load_file('mydata.xml');
$sxe = new SimpleXMLElement($xml->asXML());
$newparent = $sxe->addChild("Book");
$newparent->addChild("Title", $form_title);
$sxe->asXML('mydata.xml');
```

I check the XML file to find the text in the file appears as Ann & Andy's First "Test" Pic rather than what I expect to get, which should be Ann & Andy$apos;s First "Test" Pic.

To answer the most obvious question, I am using ENT_QUOTES, not ENT_NOQUOTES. To make sure I wasn't losing my mind, I tried it both ways and got the exact same result either way.

I can't for the life of me make any sense of this. Any ideas?

Title and Question updated on suggestion of deceze.

roybman
  • How exactly are you creating that XML file? – deceze May 07 '15 at 19:08
  • As follows: `$xml = simplexml_load_file('mydata.xml'); $sxe = new SimpleXMLElement($xml->asXML()); $newparent = $sxe->addChild("Book"); $newparent->addChild("Title", $form_title); $sxe->asXML('mydata.xml');` – roybman May 07 '15 at 19:18
  • Your question is really more about SimpleXML than `ENT_QUOTES`. You should rewrite it accordingly; and add that code into your question! Also see http://stackoverflow.com/q/552957/476. – deceze May 07 '15 at 19:22
  • In the link provided by deceze, the point is made that "The addChild method is meant to be "add exactly what I tell you to add" method." So if I'm using ENT_QUOTES to escape the special characters, I would expect to see the escaped characters in the XML generated. But I'm getting the actual characters in the XML rather than the escaped version, so I don't see that that article has the answer to my question. – roybman May 07 '15 at 20:43
  • Based on the research I've done and the testing I've done of various approaches to this, it seems that quotes cannot be written to an XML file using SimpleXML AddChild. Any approach to this will result in the quote characters being unescaped on the write. If anyone thinks they have some solution I haven't tried, I'm all ears. – roybman May 07 '15 at 21:30
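
As an added illustration (not part of the original question or its comments), the following PHP script compares the path described in the question, HTML-escaping the title before `addChild()`, with keeping the raw string and letting SimpleXML do the XML escaping, then applies `htmlspecialchars()` only when the value is written into HTML. The sample title, the `<Library/>` root element and the helper `serializeTitle()` are constructed for this example.

```php
<?php
// Added illustration, not the asker's code. The sample input is constructed
// and stands in for $_POST["title"]; the <Library/> root is an assumption.
$raw = 'Ann & Andy\'s First "Test" Pic';

// Hypothetical helper: builds a one-book document and returns it as a string.
function serializeTitle(callable $addTitle): string
{
    $sxe  = new SimpleXMLElement('<Library/>');
    $book = $sxe->addChild('Book');
    $addTitle($book);
    return $sxe->asXML();
}

// Path from the question: HTML-escape first, then addChild().
// addChild() resolves entity references in its value argument, so the
// HTML entities are turned back into characters before serialization.
$preEscaped = serializeTitle(function (SimpleXMLElement $book) use ($raw) {
    $book->addChild('Title', htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'));
});

// Alternative: keep the raw string and assign it as a property.
// SimpleXML treats an assigned value as literal text and escapes it for XML.
$rawAssigned = serializeTitle(function (SimpleXMLElement $book) use ($raw) {
    $book->Title = $raw;
});

echo $preEscaped, "\n", $rawAssigned, "\n";

// Both documents are well-formed and parse back to the original string:
// in element content only "&" and "<" must be escaped, quotes need not be.
foreach ([$preEscaped, $rawAssigned] as $xml) {
    $title = (string) simplexml_load_string($xml)->Book->Title;
    var_dump($title === $raw);

    // HTML escaping belongs at the point where the value is written into HTML.
    echo htmlspecialchars($title, ENT_QUOTES, 'UTF-8'), "\n";
}
```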

0 Answers