I have this php code
<?php
$status_code=1;
echo "<?xml version=\"1.0\"?>\n";
echo "<response>\n";
echo "\t<status>$status_code</status>\n";
echo "\t<time>" . time() . "</time>\n";
if ($status_code == 1) {
echo "\t<message>\n";
echo "\t\t<author>Vlad</author>\n";
echo "\t\t<text>Ova e poraka</text>\n";
echo "\t</message>\n";
}
echo "</response>";
?>
Why I don't get the printed xml code in browser?
Also is it good practice to create ajax requests by printing the xml code directly in php or should I use some xml php function to create xml code?
I wanted to create a chat system by using jquery, ajax, php and mysql using this tutorial, but I get error that the above printed xml is not well formed
Try viewing your source, the xml is there but just not visible. Your browser will try to show the page as HTML, since you dont supply the correct headers. Since there are no tags, you wont see anything.
You should send the correct headers, as such:
header('content-type: text/xml')
As the others have said, you need to give the browser a header to let it know how to display the page.
As for xml functions, have a look at the PHP SimpleXMLElement
you have to put header (to let the browser know how to render the display):
header ("Content-Type:text/xml");
You have to use proper content-type, as the others have said.
I recommend you to use XMLReader.
Or if you want a n easier way, then try to use Heredoc string syntax with sprintf and htmlspecialchars to encode values with characters that have special meanings in XML (like <>&)
Related
I'm making a website where a user should be able to use HTML and CSS in their profiles but I came across one problem.
<?php
$profile = "<h1>THIS IS A TEST</h1>";
echo htmlentities($profile);
?>
That's my code, but it only show this in the profile:
<h1>THIS IS A TEST&</h1>
I don't know what is happening, nor do I know if this only happens to me.
How do I make it show only the h1 content?
Function htmlentities is showing the representation of html characters like tags etc., and is being used especially to avoid parsing as html. So if you mean to echo html so that the browser parses it as html, the last thing you want is to use this function! Just echo it out directly, no need to use htmlentities or htmlspecialchars!
You just have to use echo $profile;, that's all. Check this and don't forget to check Display as HTML as browsers display PHP echoed text as HTML unless they're told to display it differently.
I have a php script that does a query in my database and returns a string ( like "2" ). I print it using
print strip_tags('2');
but in the output of my browser I get :
<body><html>2</html></body>
Is there any way to prevent the tags from beiing printed? Is it maybe that the browser auto adds them?
For all those answering about strip_tags (" 2 ");
THIS IS WRONG:
I want a siple version.php
with
echo '2';
and nothing else. It prints the tags too. I don't have the tags and then try to print.
More explanation to those who try to get easy rep
my code is:
$str = '2';
print strip_tags($str);
and it prints
<html><head></head><body>2</body></html>
It is not possible. The browser creates these elements automatically, without it there would not be any text flow(means nothing of this could be made visible). You can just use this variable for any script, it won't include the HTML tags. This is only made by the browser to make it visible for you.
You can use
header("Content-Type: text/plain");
at the beginning of your script, in order to tell the browsers you're only gonna send plain text, not html. This will prevent your browser from automatically adding those html tags.
Then, check what you print (or echo). Here, the body tag should be in html tag.
I'm quite new here. I'm trying to make a blog/journal site that allows users to post their own journal. I'm still quite reluctant on making it because I am really afraid of malicious code injections.
So here's a sample code:
<?php
$test = "<b>blah</b>"; //User input from SQL
echo "$test";
?>
What will come out is just the word "blah" in bold right? What I was trying to achieve was to echo "<b>blah</b>" instead. I don't want people to put some PHP codes that can actually mess up my whole web page. Please keep in mind that the variable $test is actually a MYSQL query, so that variable will be needed as an example. I know you can do echo '$test'; but it just comes out as "$test" instead. I feel like pulling my hair out I can't figure it out yet.
The second solution I know of is the htmlspecialchars(); function, but I want the strings to display as what I typed, not the converted ones...
Is there any way I can do that?
I think the OP wants the HTML itself to be output to the page, and not have the tags stripped. To achieve this, you can run the string first through htmlentities()
$test = '<b>blah</b>';
echo htmlentities($test);
This will output:
<b>blah</b>
Which will render in the page as
<b>blah</b>
Echo don't execute PHP code from string. This is impossible and this is not security hole in your code.
You can use a template engine like Twig for exemple.
If htmlspecialchars(); is not the one you are looking for, try the header() option.
header('Content-type: text/plain');
When you are gonna give <b>Hi</b> to a browser, it will be displayed in Bold and not the text be returned. But you can try this way, outputting it inside a <textarea></textarea>.
Or the other way is to use htmlentities():
<?php
$test = "<b>blah</b>"; //User input from SQL
echo htmlentities("$test");
?>
In another question, it was pointed out that using semantic markup can be a really clean way to pass data to an onclick function, along the lines of the code below.
I have a second question relating to passing JSON and having the receiving function recognize it as such. I have a PHP generated JSON value of [{"authed":"2012-03-04 17:24:24"},{"authed":"2012-03-04 11:44:38"}] that I need to pass to a function. echoing that straight into the <a> tag won't work, so I am using urlencode() to get:
click
Unfortunately, when I alert this out from popup(), I via the following code:
function popup(t) {
var auth = t.getAttribute('data-auth');
alert(decodeURI(auth));
}
I get
[{"authed"%3A"2012-03-04+17%3A24%3A24"}%2C{"authed"%3A"2012-03-04+11%3A44%3A38%22"}]
which JSON.parse() is unable to handle. Any suggestions on decoding/passing JSON using this pattern?
You need to use htmlspecialchars() to escape for html--like you should be doing for everything you echo out in html. (You are doing that right? To prevent generating invalid html?) Don't use urlencode(), which is for encoding parts of a url path or query parameter.
<?php
$data = array(array('authed'=>'2012-03-04 17:24:24'), array('authed'=>'2012-03-04 11:44:38'));
$jsondata = json_encode($data);
?>
<a data-auth="<?php echo htmlspecialchars($jsondata, ENT_COMPAT, 'UTF-8')?>" onclick="popup(this)">click</a>
Okay so I have a php script and I need to somehow view the value of one of my variables. The thing is this variable is a very long string of XML that got returned from a server. I know it has an error message in it but I need to actually see what it is saying. If I try and Print or echo the value it only displays part followed by a ... or if I use var_dump it does the same. I've even gone as far as trying to echo a javascript alert with the value but that fails because there are single and double quotes in the xml causing the alert quotes not to be recognized correctly. I just need to see the value of this variable. Any advice? Thanks.
Edit:
Actually said that wrong. Echo and print don't display the value correctly because the tags are in <> brackets so it is recognizing as an html tag.
You can use htmlentities to output the XML string so that you can get a plaintext view of it in a browser.
<?php echo htmlentities( $xml_string); ?>
Alternatively, you can parse the XML string to reveal the error message, but this may be more complicated than what you need.
Try echo htmlentities($var, ENT_COMPAT, 'UTF-8')
i always use this:
echo "<pre>". htmlentities($s) . "</pre>";
Try this:
echo '<pre>'.$xml_string.'</pre>';
See also:
CDATA - (Unparsed) Character Data
i usaly use:
echo nl2br(str_replace('<', '<', $xml));
as its only the < that are a problem
You could just save the XML string to a file. If it's well-formed XML, you can view it with every browser (and expand/collapse nodes ^^).