2

I have a big multi dimensional array which has a lot of different type of data from string to int and all that data has is converted to xml and send to third party to parse and do nasty things with it.

My current goal is to clean the array of possible sql injection, since we don't now what kind of protection they have on there side.

Can somebody give suggestion how to properly escape/convert any characters inside the array before convert it to xml.

I will use a function with recursive to loop trough array. So I need tips and tricks what my function will do to parameters. Since the information I found is overwhelming and many exceptions exist.

Taziz
  • 73
  • 1
  • 6
  • This question might be answered already. See http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – CarlosCarucce Jun 30 '16 at 12:47

1 Answers1

2

If you need to ensure that some textual value can be inserted as xml tag value this should do it:

$value = "something I want to encode";
$result = htmlspecialchars(html_entity_decode($value, ENT_QUOTES, 'UTF-8'),
                           ENT_NOQUOTES,
                           'UTF-8',
                           false);
Darko Miletic
  • 1,168
  • 1
  • 13
  • 21