Displaying text extracted from XML using PHP simplexml

Problem

I have this XML file and I am parsing it with PHP SimpleXML.

My XML file looks like this:

<?xml version="1.0" encoding="UTF-8"?>

<noticias>
    <noticia url="noticia-1">
        <titulo>título da notícia 1</titulo>
        <desc>plain text.</desc>
        <texto>plain text.</texto>
        <img></img>
        <in>Publico</in>
    </noticia>
    ...
</noticias>

In my PHP page I parse it like this:

$file = 'xml/noticias.xml';
if(file_exists($file)) {
    $xml = simplexml_load_file($file);
    foreach($items as $item) {
        $titulo = htmlentities($item->titulo, ENT_QUOTES, 'utf-8');
        $desc = htmlentities($item->desc, ENT_QUOTES, 'utf-8');
        $url = htmlentities($item['url'], ENT_QUOTES, 'utf-8');

        if(strlen($titulo) < 3) {$titulo = 'T&iacute;tulo em falta';} else {$titulo = $titulo;}
        if(strlen($desc) < 3) {$desc = 'Descri&ccedil;&atilde;o em falta';} else {$desc = $desc;}
        if(strlen($url) < 3) {$h3 = '<h3>'.$titulo.'</h3>';} else {$h3 = '<a href="noticia/'.$url.'"><h3>'.$titulo.'</h3></a>';}

        ?>
            <div class="col-lg-3 col-md-6">
                <div class="item">
                    <div class="content">
                        <?php echo $h3; ?>
                        <p><?php echo $desc; ?></p>
                    </div>
                </div>
            </div>
        <?php
    }
}
else {
    // do something... throw error message
}

Is this OK? I mean, I escape values when I get them from the XML. Is it OK to do it like this, or should I escape values on echo? Is there any danger in leaving it as I have?

Another thing… I have the XML files protected with htaccess. Right now, they can only be edited directly. No scripts to edit them.

Solution

My preference is to leave the HTML escaping until the last minute.

Here are some changes you could make to simplify your code.

The code should work, but there is no link between $xml and $items, so I was unable to test it.

<?php

$file = 'xml/noticias.xml';

// guard clause exit early, instead of last
if (!file_exists($file)) {
    // do something... throw error message
    throw new Exception('File does not exist');
}

$xml = simplexml_load_file($file);

foreach ($items as $item) {
    $titulo = $item->titulo;
    $desc = $item->desc;
    $url = $item['url'];

    // use mb_ function as you are dealing with unicode text, strlen will report incorrect length
    if (mb_strlen($titulo) < 3) {
        $titulo = 'Título em falta';
    }
    // no need to reassign value to itself
    //else {
    //    $titulo = $titulo;
    //}

    if (mb_strlen($desc) < 3) {
        $desc = 'Descrição em falta';
    }
//    else {
//        $desc = $desc;
//    }

    // not expecting url to be unicode
    if (strlen($url) >= 3) {
        $url = "noticia/{$url}";
    } else {
        $url = null;
    }

    $h3 = $titulo;

//        $h3 = '<h3>' . $titulo . '</h3>';
//    } else {
//        $h3 = '<a href="noticia/' . $url . '"><h3>' . $titulo . '</h3></a>';
//    }
    ?>

    <div class="col-lg-3 col-md-6">
        <div class="item">
            <div class="content">
                <?php if ($url): ?>
                    <a href="<?php echo htmlentities($url, ENT_QUOTES, 'UTF-8'); ?>">
                <?php endif; ?>

                <h3><?php echo htmlentities($h3); ?></h3>

                <?php if ($url): ?>
                    </a>
                <?php endif; ?>

                <p><?php echo htmlentities($desc); ?></p>
            </div>
        </div>
    </div>
    <?php
}
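
An added example (not part of the original answer) that carries the escape-at-output approach through to the `href` attribute, which needs escaping just as the element text does. The sample XML is constructed, `e()` and `renderNoticia()` are hypothetical helpers, and iterating `$xml->noticia` is an assumption based on the XML shown in the question.

```php
<?php
// Constructed sample input: same shape as the question's file, plus one hostile item.
$source = <<<'XML'
<noticias>
    <noticia url="noticia-1">
        <titulo>título da notícia 1</titulo>
        <desc>plain text.</desc>
    </noticia>
    <noticia url="a&quot; data-injected=&quot;1">
        <titulo>&lt;b&gt;bold&lt;/b&gt; &amp; more</titulo>
        <desc>a</desc>
    </noticia>
</noticias>
XML;

// Hypothetical helper: escape for HTML text and for quoted attribute values.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: render one <noticia>, escaping only where HTML is produced.
function renderNoticia(SimpleXMLElement $item): string
{
    // Cast to string so the checks below work on raw text, not on XML objects.
    $titulo = trim((string) $item->titulo);
    $desc   = trim((string) $item->desc);
    $slug   = trim((string) $item['url']);

    if (mb_strlen($titulo, 'UTF-8') < 3) { $titulo = 'Título em falta'; }
    if (mb_strlen($desc, 'UTF-8') < 3)   { $desc = 'Descrição em falta'; }

    $h3 = '<h3>' . e($titulo) . '</h3>';
    if (strlen($slug) >= 3) {
        // rawurlencode() keeps the value inside a single path segment; e() then
        // makes the finished URL safe inside the double-quoted href attribute.
        $h3 = '<a href="' . e('noticia/' . rawurlencode($slug)) . '">' . $h3 . '</a>';
    }
    return '<div class="content">' . $h3 . '<p>' . e($desc) . '</p></div>' . "\n";
}

$xml = simplexml_load_string($source);
if ($xml === false) {
    throw new RuntimeException('Could not parse XML');
}
foreach ($xml->noticia as $item) { // assumption: items are the <noticia> children
    echo renderNoticia($item);
}
```

For the second item the quote in the `url` attribute is emitted as `%22` inside the `href`, and the title's markup is displayed as text instead of being interpreted.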
