Writing xml data to oracle database

I have created a PHP script to read data from XML and write it to an Oracle database. The XML data has HTML tags, which are in different languages such as English, Russian, Italian, German.

In php, I am reading data from xml as

$xml=simplexml_load_file($file);
foreach($xml as $value)
{
    $text='';
    if($value->englishtext=='')
    {
        $text=htmlentities(str_replace("'", "'", $value->translatedtext), ENT_HTML5);  
    }
    else
    {
        $text=htmlentities(str_replace("'", "'", $value->englishtext), ENT_HTML5); 
    }
}

      

Insert query: INSERT INTO Internationalization VALUES (seq_id.nextval, $text)

$stid2 = oci_parse(
    $conn, 
    "INSERT INTO UILABELINT VALUES (seq_uilabelint_id.nextval,'".$localeid."','".$filename."','".$value['ID']."',$text)"
);

      

My real problem is the data is being inserted correctly and some html tags are not being encoded correctly.

Can anyone suggest:

  • Whether I should use htmlentities() or not.
  • What I should do to render these HTML tags in HTML5.

Sample xml data

<?xml version="1.0" encoding="UTF-8"?>
<Resources>
<Section ID="AddListing">
        <englishtext><![CDATA[Add Listing]]></englishtext>
        <translatedtext/>
</Section>
<Section ID="DirectPayment">
    <englishtext><![CDATA[Receive <b>direct payments</b> from travelers.]]></englishtext>
    <translatedtext/>
</Section>
</Resources>

      

+3




1 answer


You must use parameterized queries in modern day software development. This is done in order to avoid hacking injection and errors due to special characters.

Replace line:

$stid2 = oci_parse(...);

      

with the following instruction preparation code:



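// Placeholders must not be wrapped in quotes: ':text' in quotes is a
// string literal, not a bind variable.
$stid2 = oci_parse(
    $conn,
    "INSERT INTO UILABELINT VALUES (".
        "seq_uilabelint_id.nextval, :localeId, :fileName, :valueId, :text".
    ")"
);

// oci_bind_by_name() binds by reference, so bind a plain string variable
// rather than the SimpleXMLElement attribute itself.
$valueId = (string) $value["ID"];

oci_bind_by_name($stid2, ":localeId", $localeid);
oci_bind_by_name($stid2, ":fileName", $filename);
oci_bind_by_name($stid2, ":valueId",  $valueId);
oci_bind_by_name($stid2, ":text",     $text);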

      

and finally execute the instruction. You no longer need to use "str_replace" or "htmlentities". Just get the text directly:

$text = (string) $value->translatedtext;  // cast the SimpleXMLElement to a plain string

      

For more details on OCI parameterization, see: http://php.net/manual/en/function.oci-bind-by-name.php

+1
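The approach from the answer above applied to the whole import loop, as an added example that is not part of the original answer: the statement is parsed and bound once, then executed per `Section` inside one transaction. Table and sequence names come from the question; the connection, the `'en'` and `'labels.xml'` arguments, the bind lengths and the sample XML are assumptions.

```php
<?php
// Added example, not the answer author's code.
function importLabels($conn, string $xmlString, string $localeId, string $fileName): int
{
    $xml = simplexml_load_string($xmlString);
    if ($xml === false) {
        throw new RuntimeException('XML is not well-formed');
    }
    // Placeholders are not quoted; Oracle receives the values separately from the SQL text.
    $stmt = oci_parse($conn,
        'INSERT INTO UILABELINT VALUES (seq_uilabelint_id.nextval, :localeId, :fileName, :valueId, :text)');
    // Bind once with explicit maximum lengths (assumed column sizes). Binding is
    // by reference, so each oci_execute() sends the variables' current values.
    $valueId = $text = '';
    oci_bind_by_name($stmt, ':localeId', $localeId, 64);
    oci_bind_by_name($stmt, ':fileName', $fileName, 255);
    oci_bind_by_name($stmt, ':valueId', $valueId, 255);
    oci_bind_by_name($stmt, ':text', $text, 4000);
    $rows = 0;
    foreach ($xml->Section as $section) {
        // Casting returns the raw CDATA content: tags, quotes and non-Latin text unchanged.
        $valueId = (string) $section['ID'];
        $english = (string) $section->englishtext;
        $text = $english !== '' ? $english : (string) $section->translatedtext;
        if (!oci_execute($stmt, OCI_NO_AUTO_COMMIT)) {
            $err = oci_error($stmt);
            oci_rollback($conn); // keep the import all-or-nothing
            throw new RuntimeException('Insert failed: ' . $err['message']);
        }
        $rows++;
    }
    oci_commit($conn);
    oci_free_statement($stmt);
    return $rows;
}

// Constructed sample input modelled on the question's XML (second entry has an apostrophe).
$sample = <<<'XML'
<Resources>
  <Section ID="DirectPayment">
    <englishtext><![CDATA[Receive <b>direct payments</b> from travelers.]]></englishtext>
    <translatedtext/>
  </Section>
  <Section ID="AddListing">
    <englishtext/><translatedtext><![CDATA[Aggiungi l'annuncio]]></translatedtext>
  </Section>
</Resources>
XML;
// $conn = oci_connect('USER', 'PASSWORD', 'HOST/SERVICE'); // placeholder credentials
// echo importLabels($conn, $sample, 'en', 'labels.xml'), " row(s)\n";
```

Stored this way the column holds the original markup. Escaping with htmlspecialchars() belongs at output time, and only for values that should not be rendered as HTML.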

