Writing xml data to oracle database
I have created a PHP script to read data from XML and write it to an Oracle database. The XML data has HTML tags, which are in different languages such as English, Russian, Italian, German.
In PHP, I am reading data from the XML as:
$xml = simplexml_load_file($file);
foreach ($xml as $value)
{
    $text = '';
    if ($value->englishtext == '')
    {
        $text = htmlentities(str_replace("'", "'", $value->translatedtext), ENT_HTML5);
    }
    else
    {
        $text = htmlentities(str_replace("'", "'", $value->englishtext), ENT_HTML5);
    }
}
Insert query: INSERT INTO Internationalization VALUES (seq_id.nextval, $text)
$stid2 = oci_parse(
$conn,
"INSERT INTO UILABELINT VALUES (seq_uilabelint_id.nextval,'".$localeid."','".$filename."','".$value['ID']."',$text)"
);
My real problem is the data is being inserted correctly and some html tags are not being encoded correctly.
Can anyone suggest:
- Whether I should use htmlentities() or not.
- What I should do to render these HTML tags in HTML5.
Sample xml data
<?xml version="1.0" encoding="UTF-8"?>
<Resources>
<Section ID="AddListing">
<englishtext><![CDATA[Add Listing]]></englishtext>
<translatedtext/>
</Section>
<Section ID="DirectPayment">
<englishtext><![CDATA[Receive <b>direct payments</b> from travelers.]]></englishtext>
<translatedtext/>
</Section>
</Resources>
You must use parameterized queries in modern-day software development. This is done in order to avoid injection attacks and errors due to special characters.
Replace the line:
$stid2 = oci_parse(...);
with the following statement preparation code:
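// Bind placeholders must not be wrapped in quotes, otherwise they are
// parsed as string literals and there is nothing to bind to.
$stid2 = oci_parse(
    $conn,
    "INSERT INTO UILABELINT VALUES (".
    "seq_uilabelint_id.nextval, :localeId, :fileName, :valueId, :text".
    ")"
);
// oci_bind_by_name() binds by reference and expects scalars, so copy the
// SimpleXML attribute into a plain string variable first.
$valueId = (string) $value["ID"];
oci_bind_by_name($stid2, ":localeId", $localeid);
oci_bind_by_name($stid2, ":fileName", $filename);
oci_bind_by_name($stid2, ":valueId", $valueId);
oci_bind_by_name($stid2, ":text", $text);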
and finally execute the statement. You no longer need to use "str_replace" or "htmlentities". Just get the text directly:
// Cast the SimpleXMLElement to a plain string so it can be bound.
$text = (string) $value->translatedtext;
For more details on OCI parameterization, see: http://php.net/manual/en/function.oci-bind-by-name.php
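The bind-instead-of-escape approach from the answer, applied to the question's XML, as an added example that is not from the original posts. PDO with an in-memory SQLite database stands in for OCI8/Oracle so the script runs without a server; the `uilabelint` column names, the `importLabels` function and the second sample section are assumptions.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for OCI8/Oracle.
// Table columns and function name are assumed, not from the page.
// Constructed sample input, modelled on the XML in the question.
$xmlData = <<<'XML'
<Resources>
  <Section ID="DirectPayment">
    <englishtext><![CDATA[Receive <b>direct payments</b> from travelers.]]></englishtext>
    <translatedtext/>
  </Section>
  <Section ID="OwnerNote">
    <englishtext/>
    <translatedtext><![CDATA[Владелец's <i>заметка</i>]]></translatedtext>
  </Section>
</Resources>
XML;
function importLabels(PDO $db, string $xmlData, string $localeId, string $fileName): int
{
    $xml = simplexml_load_string($xmlData);
    if ($xml === false) {
        throw new RuntimeException('XML is not well-formed');
    }
    // Prepare once; placeholders are never wrapped in quotes.
    $stmt = $db->prepare(
        'INSERT INTO uilabelint (localeid, filename, labelid, labeltext)
         VALUES (:localeId, :fileName, :valueId, :text)'
    );
    $count = 0;
    foreach ($xml->Section as $section) {
        // Cast SimpleXMLElement nodes to plain strings before binding.
        $english = (string) $section->englishtext;
        $text = $english !== '' ? $english : (string) $section->translatedtext;
        $stmt->execute([
            ':localeId' => $localeId,
            ':fileName' => $fileName,
            ':valueId'  => (string) $section['ID'],
            ':text'     => $text, // raw text: no str_replace, no htmlentities
        ]);
        $count++;
    }
    return $count;
}
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE uilabelint (id INTEGER PRIMARY KEY, localeid TEXT, filename TEXT, labelid TEXT, labeltext TEXT)');
importLabels($db, $xmlData, 'en', 'labels.xml');
foreach ($db->query('SELECT labelid, labeltext FROM uilabelint') as $row) {
    echo $row['labelid'], ': ', $row['labeltext'], PHP_EOL;
}
```

The apostrophe, the Cyrillic text and the `<b>`/`<i>` markup are read back exactly as stored, so the stored value can be written into an HTML5 page unchanged. Emitting it unescaped is only appropriate when the XML files come from a trusted source.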