0

Possible Duplicate:
How do you make strings XML“safe”?

I am making xml and part of the code looks like this:

echo 'description="' .$description. '" ';

When there are apostrophes in the description variable, the code works fine, but when there are apostrophized, the code breaks.

What is the right way for me to escape the string so that it does not break the overall xml?

Genadinik

3 Answers

2

If some text breaks your XML code you should use CDATA.

Consider this code

  <?xml version="1.0" encoding="utf-8"?>
  <Result>
    <html>
      <p>
        Returning value
      </p>
    </html>
  </Result>

Should be rewritten to

  <?xml version="1.0" encoding="utf-8"?>
  <Result>
    <html>
      <![CDATA[<p>
        Returning value
      </p>]]>
    </html>
  </Result>

So the data in the <html> tag is treated as a string; otherwise <p> will be treated as an XML tag (as in the first example).

Nemoden
1

You can use either CDATA or HTML escape characters. CDATA might be an easier approach, as your code would universally escape all characters and look like this:

<tag><![CDATA[your data here]]></tag>

http://en.wikipedia.org/wiki/XML#Escaping http://en.wikipedia.org/wiki/CDATA http://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references

1

I would avoid CDATA like the plague, especially if the contents of your XML are to be acted well upon. CDATA simply hides whatever it wraps away. I always use htmlentities() to make sure, although most often you'll get into trouble with ampersands. Also, you can't CDATA parameters, so the other suggestions don't address your problem.

Now, looking at your question, it seems it is more about quotation characters in attributes. First, can you make an element rather than an attribute? The reason is of course that descriptions have a higher risk of having all sorts of characters in them, and hence would be better treated as pure text without the perils of XML parsing.

Having said that, one could always try:

echo 'description="' . str_replace(array('&', '<', '"', "'"), array('&amp;', '&lt;', '&quot;', '&apos;'), $description) . '" ';

And of course if useful, wrap it in a function.

AlexanderJohannesen
  • I have an issue trying to insert strings with pound signs in the data (£), and htmlentities does not work. I do not think this is the correct answer, unless for some reason I'm doing something wrong. Using htmlentities, the string it returns is not accepted by the DOMDocument::loadXML function. Any other suggestions? – Ninjanoel Jul 04 '13 at 16:19
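
The approaches discussed in the question, answers and comment above, compared side by side as an added example that is not part of the original posts: each candidate is placed in a `description` attribute and checked with `DOMDocument::loadXML`. The sample string and the helper names `xml_escape` and `is_well_formed` are assumptions made for illustration.

```php
<?php
// Added example, not code from the original posts.
// Constructed sample value; this file is assumed to be saved as UTF-8.
$description = 'Tom & Jerry\'s "5 < 6" offer: £10';

// Hypothetical helper: escape for an XML 1.0 attribute value or text node.
// ENT_XML1 limits output to the five predefined XML entities,
// ENT_SUBSTITUTE / ENT_DISALLOWED replace bytes or code points XML rejects.
function xml_escape(string $value): string
{
    return htmlspecialchars(
        $value,
        ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE | ENT_DISALLOWED,
        'UTF-8'
    );
}

// Hypothetical helper: true when $xml parses as well-formed XML.
function is_well_formed(string $xml): bool
{
    $previous = libxml_use_internal_errors(true); // collect errors silently
    $ok = (new DOMDocument())->loadXML($xml) !== false;
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $ok;
}

$candidates = [
    'raw concatenation' => $description,
    // HTML named entities such as &pound; are not defined in plain XML.
    'htmlentities()'    => htmlentities($description),
    'xml_escape()'      => xml_escape($description),
];

foreach ($candidates as $label => $escaped) {
    $xml = '<item description="' . $escaped . '" />';
    $verdict = is_well_formed($xml) ? 'well-formed' : 'REJECTED';
    printf("%-18s %s\n  %s\n", $label, $verdict, $xml);
}

// Building the node through DOM leaves the escaping to the serializer.
$doc = new DOMDocument('1.0', 'UTF-8');
$item = $doc->createElement('item');
$item->setAttribute('description', $description);
$doc->appendChild($item);
echo $doc->saveXML();
```

Untrusted values written into an attribute without this escaping can close the attribute and add markup of their own, so the same helper belongs on every value that did not originate in the code.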