PHP 中的未终止实体引用
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/17027043/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Unterminated entity reference in PHP
提问by mega6382
Here is my code:
这是我的代码:
<?php
// 27/01/2016 Edit:
$result = mysql_query("A Long mysql query");
$rss = new SimpleXMLElement('<rss version="2.0" />');
$products = $rss->addChild('products');
///
while($row = mysql_fetch_array($result)){
$product = $products->addChild('category');
$product->addChild('product_id',"$row[product_id]");
$product->addChild('cat_id',"$row[cat_id]");
$product->addChild('cat_name',"$row[cat_name]");
$product->addchild('product_code',"$row[product_code]");
$product->addchild('product_name',"$row[product_name]");
$product->addChild('description','$row[description]');
$product->addchild('rating',"$row[rating]");
$product->addchild('image_url','$row[imag_url]');
$product->addchild('price',"$row[price]");
$product->addchild('discount',"$row[discount]");
$product->addchild('stock_status',"$row[stock_status]");
$product->addchild('stock_quantity',"$row[stock_quantity]");
$product->addchild('weight',"$row[weight]");
$product->addchild('length',"$row[length]");
$product->addchild('width',"$row[width]");
$product->addchild('height',"$row[height]");
$product->addchild('colour',"$row[colour]");
$product->addchild('size',"$row[size]");
$product->addchild('material',"$row[material]");
$product->addchild('pattern',"$row[pattern]");
};
Header('Content-type: text/xml');
print($rss->asXML());
?>
and here is the error:
这是错误:
Warning: SimpleXMLElement::addChild() [simplexmlelement.addchild]: unterminated entity reference _Coke.jpg in C:\wamp\www\rabwah\core.php on line 40
警告:SimpleXMLElement::addChild() [simplexmlelement.addchild]:第 40 行 C:\wamp\www\rabwah\core.php 中未终止的实体引用 _Coke.jpg
The error is in the line with '$row[imag_url]'.
错误与'$row[imag_url]'.
回答by Joel Davey
This correctly encodes the & < >and "" ''
这正确编码& < >和"" ''
$parent->addChild($name, htmlspecialchars($value));
回答by mega6382
SimpleXMLElementis actually a system resource which behaves like an object. Which makes working with loops tricky. So when trying to add new child elements
instead of this:
SimpleXMLElement实际上是一个系统资源,它的行为类似于一个对象。这使得使用循环变得棘手。因此,当尝试添加新的子元素而不是这样时:
$product->addchild('element', $value);
do this:
做这个:
$product->element = $value;
or you can use htmlspecialchars(), to escape html characters.
或者您可以使用htmlspecialchars(), 来转义 html 字符。
Note:
笔记:
mysql_*is deprecated as of php-5.5and removed as of php-7. So instead use mysqli_*or PDO.
Why shouldn't I use mysql_* functions in PHP?
mysql_*从php-5.5 开始弃用,从php-7 开始删除。所以改为使用mysqli_*or PDO。
为什么我不应该在 PHP 中使用 mysql_* 函数?
回答by Kavi Siegel
My solution to this is specifically creating a text node, which makes sure absolutely everything is escaped properly:
我对此的解决方案是专门创建一个文本节点,以确保绝对正确转义所有内容:
$cell = $dom->createElement('td');
$cell->appendChild($dom->createTextNode($value));
回答by Ionut Cioflan
If you use the new created node you can set the value by accessing {0} property. This should escape any special characters.
如果您使用新创建的节点,则可以通过访问 {0} 属性来设置该值。这应该转义任何特殊字符。
$childNode = $parent->addChild($name);
$childNode{0} = $value;
回答by Eolia
The correct form is:
正确的形式是:
$product->addchild('image_url',htmlspecialchars($row['imag_url']));
回答by Peter
Sorry for reviving an old question, but there is another solution to this.. Assuming the following code causes the "unterminated entity reference" error:
很抱歉恢复了一个旧问题,但还有另一种解决方案。假设以下代码导致“未终止的实体引用”错误:
$xml->addChild($key,$value);
@Joel-Davey's solution works very well:
@Joel-Davey 的解决方案非常有效:
$xml->addChild($key,htmlspecialchars($value));
But you can also do the following if, for some reason, you don't want to use the above htmlspecialchars function (basically, you split the one step into two steps):
但是,如果出于某种原因,您不想使用上述 htmlspecialchars 函数,您也可以执行以下操作(基本上,您将一步拆分为两步):
$xml->addChild($key);
$xml->$key=$value;
i have no idea which one will execute faster; i doubt it'd make much of a difference, but, this works, and i thought it should be mentioned
我不知道哪一个会执行得更快;我怀疑它会产生很大的不同,但是,这有效,我认为应该提到它
PS: i know it works because i'm using it on a personal project
PS:我知道它有效,因为我在个人项目中使用它
