0

When a user inserts special symbols \\ or // in search box, I get following error:

Warning: simplexml_load_file() [function.simplexml-load-file]: I/O warning : failed to load external entity

How to remove it?

    $q=$_GET["abc"];
    $xml = "http://abc/seach?q=".urlencode($q);     
    $Obj = simplexml_load_file($xml);
sandbox
  • 2,631
  • 9
  • 33
  • 39

2 Answers2

0

Why not just remove those symbols (i.e. filter input, which you should be doing anyway) with something like this:

[EDIT]

$q = $_GET["abc"];

// Array of character patterns not allowed
$not_allowed = Array('\\','//');

// Strip from query
$q = str_replace($not_allowed,'',$q);

// Pass to XML
....
Jeremy Harris
  • 24,318
  • 13
  • 79
  • 133
  • You do not need the `foreach` loop here. `str_replace` can accept and array of items to replace. See my answer: http://stackoverflow.com/a/9413187/461813 – Treffynnon Feb 23 '12 at 12:42
0

My best guess, given the information here, is that the script your are accessing is at fault here and not your code. I would suggest that it is not handling the slashes correctly and returning an invalid XML response.

There are three ways around this.

  1. Get them to fix their script so it can handle the slashes
  2. Remove the slashes from the query before it is sent over: $q = str_replace(array('//', '\\'), '', $q);
  3. Attempt to check the headers or XML response for errors
Treffynnon
  • 21,365
  • 6
  • 65
  • 98