PHP escape characters

Hi Experts,

I am getting a DOM error when I pass this url into the load method.  No error when I remove the method call with the single quotes.  Pretty sure the quotes are the problem.  \ preceding the quotes doesn't help.  magic_quotes_gpc is on, magic_quotes_runtime is off,  and it's PHP 5.2.11

How can I frame the quotes so $dom->load doesn't throw an error?

 Here is the URL string passed to $dom->load:  http://adcd.com/external/helloworld.jsp?<LightsLookup method='getNumberOfLights'><xmlInfo>blue,white,green</xmlInfo></LightsLookup>

Thanks,

HNM
HelpNearMeAsked:
Who is Participating?
 
Ray PaseurConnect With a Mentor Commented:
Try running this - it seems to make some sense, inasmuch as it provides an XML response that can be parsed into an object.
<?php // RAY_temp_HelpNearMe.php
error_reporting(E_ALL);
echo "<pre>\n";


function my_curl($url)
{
    $curl = curl_init();

// HEADERS FROM FIREFOX - APPEARS TO BE A BROWSER REFERRED BY GOOGLE

    $header[] = "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
    $header[] = "Cache-Control: max-age=0";
    $header[] = "Connection: keep-alive";
    $header[] = "Keep-Alive: 300";
    $header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
    $header[] = "Accept-Language: en-us,en;q=0.5";
    $header[] = "Pragma: "; // browsers keep this blank.

    curl_setopt($curl, CURLOPT_URL, $url);
    curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6');
    curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
    curl_setopt($curl, CURLOPT_REFERER, 'http://www.google.com');
    curl_setopt($curl, CURLOPT_ENCODING, 'gzip,deflate');
    curl_setopt($curl, CURLOPT_AUTOREFERER, true);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl, CURLOPT_TIMEOUT, 2); // GIVE UP AFTER TWO SECONDS

    if (!$html = curl_exec($curl))
    {
        return FALSE;
    }

    curl_close($curl);
    return $html;
}


// TEST DATA
$url = <<<EOURL
http://axml.travelnow.com/external/xmlinterface.jsp?cid=22212064&resType=car200820&intfc=ws&xml=<CarSessionRequest%20method='getCarAvailability'><CarAvailabilityQuery><cityCode>AGU</cityCode><pickUpDate>01/29/2010</pickUpDate><dropOffDate>01/31/2010</dropOffDate><pickUpTime>12PM</pickUpTime><dropOffTime>12PM</dropOffTime><specialEquipmentCodes>BBS</specialEquipmentCodes></CarAvailabilityQuery></CarSessionRequest>
EOURL;

// READ FROM THE URL
$xml = my_curl($url);
$xml = trim($xml);

// MAKE AN OBJECT FROM THE XML
$obj = SimpleXML_Load_String($xml);

// DISPLAY THE OBJECT
var_dump($obj);

Open in new window

0
 
Ray PaseurCommented:
Try using urlencode?
0
 
Ray PaseurCommented:
I tried this URL and got 404.  What is the right URL?
http://adcd.com/external/helloworld.jsp?%3CLightsLookup%20method=%27getNumberOfLights%27%3E%3CxmlInfo%3Eblue,white,green%3C/xmlInfo%3E%3C/LightsLookup%3E

Open in new window

0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

 
Ray PaseurCommented:
Hmm... Maybe one more idea - "entitize" the apostrophes with &apos;  Check the refs here:
http://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references
0
 
Richard QuadlingConnect With a Mentor Senior Software DeveloperCommented:
I just realised you are calling a JSP page. PHP's magic quotes won't have any impact on that.
0
 
HelpNearMeAuthor Commented:
Hi Ray & RQuadling,

I used &apos instead as suggested and $dom->load() didn't throw an error but the server at the other end reported that the XML was not well formed.  The &apos appeared in the actual URL request string so the remote server couldn't parse the attribute properly.

The original code (single quotes/apostrophes included) worked fine for two months on a PHP 5.2.9 box.  Our production server is running 5.2.11 and seems to fall apart with these single quotes.  I have 5.3 running on WAMP locally and I have the same problem.  

I am going to try urlencode now, thanks for the help so far.  I'll be back with an update.

HNM
0
 
Ray PaseurCommented:
Try htmlspecialchars() - I think it might be the right thing.  I always get it confused - sorry about that :-(
http://us.php.net/manual/en/function.htmlspecialchars.php

~Ray
0
 
HelpNearMeAuthor Commented:
I was reading about htmlspecialchars and htmlentities when you typed that ;)  I'll let you know how it works.

Thanks,

HNM
0
 
HelpNearMeAuthor Commented:
Hi Experts,

I just threw in the towel.  I can't get this to work.  Like I said ... worked great on 5.2.9 now on 5.2.11 dom->load errors.  Here is the actual URL, if you try it you will get an ip address authentication error.  Regardless you will get XML back in some form... unless of course you have the save problem I do.  It seems to be the single quotes..... Browser should return XML message of some type.

Please let me know if you have any ideas :)

http://axml.travelnow.com/external/xmlinterface.jsp?cid=22212064&resType=car200820&intfc=ws&xml=<CarSessionRequest method= 'getCarAvailability'><CarAvailabilityQuery><cityCode>AGU</cityCode><pickUpDate>01/29/2010</pickUpDate><dropOffDate>01/31/2010</dropOffDate><pickUpTime>12PM</pickUpTime><dropOffTime>12PM</dropOffTime><specialEquipmentCodes>BBS</specialEquipmentCodes></CarAvailabilityQuery></CarSessionRequest>
0
 
Ray PaseurCommented:
Trimmed of unnecessary whitespace, I got this XML.
<Exception>
  <itineraryId>-1</itineraryId>
  <handling>1</handling>
  <category>4</category>

  <presentationMessage>TravelNow.com cannot service this request.</presentationMessage>
  <verboseMessage>Authentication failure. (cid=22212064; ipAddress= 74.9.128.130)</verboseMessage>
</Exception>

Open in new window

0
 
HelpNearMeAuthor Commented:
By the way I was using:
$doc = new DOMDocument();
$doc->load($urlXML);

I was getting this big ugly error:
Warning: DOMDocument::load() [domdocument.load]: I/O warning : failed to load external entity "/home/abc123/public_html/xmlTest/http:/axml.travelnow.com/external/xmlinterface.jsp?cid=22212064&resType=car200820&intfc=ws&xml=<CarSessionRequest method='getCarAvailability'><CarAvailabilityQuery><cityCode>ACA</cityCode><pickUpDate>01/22/2010</pickUpDate><dropOffDate>01/26/2010</dropOffDate><pickUpTime>12PM</pickUpTime><dropOffTime>12PM</dropOffTime><specialEquipmentCodes>BBS</specialEquipmentCodes></CarAvailabilityQuery></CarSessionRequest>" in /home/abc123/public_html/xmlTest/processXML.php on line 24
0
 
HelpNearMeAuthor Commented:
You got that from the browser or inside PHP?  And whitespace in the [method= ] part?

I sincerely appreciate your help with this.. :)

hnm
0
 
Ray PaseurCommented:
Do you mean to have a blank in the URL?
0
 
HelpNearMeAuthor Commented:
No the blank was a result of my inserting \ and other characters attempting to fix the problem.  Without the space after method= it still throws the error.  If I remove the quotes all together the dom error disappears.  Of course the xml string is not valid but dom seems to behave well without the quotes.
0
 
HelpNearMeAuthor Commented:
Line 40 is causing problems Parse error: syntax error, unexpected T_SL

Not sure what the <<<EOURL is.  Should I modify it?

Thanks,

HNM
0
 
HelpNearMeAuthor Commented:
I removed the <<EOURL stuff and put quotes around the string.  It returns XML..... so considering the time spent on this.. I may move over to cURL from DOM->Load.  I am using XSLT after this step so I'll work on glueing cURL together with my XSLT templates to output HTML.

Ray and RQuadling, thanks so much.  Problem not solved but avoided. :)

Thanks,

HNM
0
 
Ray PaseurCommented:
Thanks for the points.  What level of PHP are you running?  I cannot figure why HEREDOC worked on my PHP 5.2 and would not work for you.  Please see:
http://us2.php.net/manual/en/language.types.string.php#language.types.string.syntax.heredoc
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.