
writing xml data to oracle database

I have created a PHP script to read data from XML and write it to an Oracle database. The XML data has HTML tags, which are in various languages like English, Russian, Italian, German.

In php I am reading data from xml as

$xml=simplexml_load_file($file);
foreach($xml as $value)
{
    $text='';
    if($value->englishtext=='')
    {
        $text=htmlentities(str_replace("'", "'", $value->translatedtext), ENT_HTML5);  
    }
    else
    {
        $text=htmlentities(str_replace("'", "'", $value->englishtext), ENT_HTML5); 
    }
}

The insert query is INSERT INTO Internationalization VALUES (seq_id.nextval,$text)

$stid2 = oci_parse(
    $conn, 
    "INSERT INTO UILABELINT VALUES (seq_uilabelint_id.nextval,'".$localeid."','".$filename."','".$value['ID']."',$text)"
);

My real problem is that sometimes the data is inserted correctly, and sometimes the HTML tags are not correctly encoded.

Can anybody suggest:

  1. whether I should use htmlentities() or not.
  2. what I should do to display these HTML tags in HTML5.

Example of xml data

<?xml version="1.0" encoding="UTF-8"?>
<Resources>
<Section ID="AddListing">
        <englishtext><![CDATA[Add Listing]]></englishtext>
        <translatedtext/>
</Section>
<Section ID="DirectPayment">
    <englishtext><![CDATA[Receive <b>direct payments</b> from travelers.]]></englishtext>
    <translatedtext/>
</Section>
</Resources>
kaustubh badamikar asked Nov 24 '25 06:11



1 Answer

You should use parameterized queries in modern-day software development. That is to avoid hacking injection and errors due to special characters.

Replace the line:

$stid2 = oci_parse(...);

with the following statement preparation code:

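// Bind placeholders must not be wrapped in quotes: ':text' inside quotes is a
// plain string literal, not a bind variable.
$stid2 = oci_parse(
    $conn,
    "INSERT INTO UILABELINT VALUES (".
        "seq_uilabelint_id.nextval, :localeId, :fileName, :valueId, :text".
    ")"
);

// oci_bind_by_name() binds by reference, so bind plain string variables,
// not SimpleXMLElement objects.
$valueId = (string) $value["ID"];

oci_bind_by_name($stid2, ":localeId", $localeid);
oci_bind_by_name($stid2, ":fileName", $filename);
oci_bind_by_name($stid2, ":valueId",  $valueId);
oci_bind_by_name($stid2, ":text",     $text);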

And finally, execute the statement. You don't need to use 'str_replace' or 'htmlentities' anymore. Just get the text directly:

// Cast the SimpleXMLElement node to a plain string before binding it.
$text = (string) $value->translatedtext;

For more about OCI parameterizing, see: http://php.net/manual/en/function.oci-bind-by-name.php

jondinham answered Nov 25 '25 20:11
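
An added example, not part of the answer above and not either poster's code: the same flow end to end, with PDO's in-memory SQLite standing in for Oracle so it runs offline. The table layout, the `OwnerNote` row and the locale and file values are constructed; the XML text is stored raw through unquoted named placeholders and encoded only at output time.

```php
<?php
// Added example. SQLite (in memory, via PDO) stands in for Oracle so this runs offline;
// the table layout and the OwnerNote row are constructed for the demo.
$xml = <<<'XML'
<?xml version="1.0" encoding="UTF-8"?>
<Resources>
<Section ID="DirectPayment">
    <englishtext><![CDATA[Receive <b>direct payments</b> from travelers.]]></englishtext>
    <translatedtext/>
</Section>
<Section ID="OwnerNote">
    <englishtext/>
    <translatedtext><![CDATA[Владелец's <i>заметка</i>]]></translatedtext>
</Section>
</Resources>
XML;

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE uilabelint (localeid TEXT, filename TEXT, labelid TEXT, label TEXT)');

// Placeholders are written without quotes; the driver sends the values separately
// from the SQL text, so apostrophes and tags need no escaping.
$insert = $db->prepare('INSERT INTO uilabelint VALUES (:localeId, :fileName, :valueId, :text)');

foreach (simplexml_load_string($xml) as $section) {
    // Cast SimpleXMLElement nodes to plain strings before comparing or binding.
    $english = (string) $section->englishtext;
    $text    = $english !== '' ? $english : (string) $section->translatedtext;
    $insert->execute([
        ':localeId' => 'ru_RU',          // constructed value
        ':fileName' => 'labels.xml',     // constructed value
        ':valueId'  => (string) $section['ID'],
        ':text'     => $text,            // stored raw, no htmlentities()
    ]);
}

// Encode at output time, per context, never before storage.
foreach ($db->query('SELECT labelid, label FROM uilabelint') as $row) {
    // Label should render its markup (trusted translation files only):
    echo $row['labelid'], ' as HTML: ', $row['label'], "\n";
    // Label should be shown literally, or the source is not trusted:
    echo $row['labelid'], ' as text: ',
         htmlspecialchars($row['label'], ENT_QUOTES | ENT_HTML5, 'UTF-8'), "\n";
}
```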


