Search code examples
phphtml-entitieshtmlspecialchars

Escaping xml in php output

I'm echoing some output from mysql. I have no control over it as it's a log file, but there is one particular log that messes up my html when it is displayed.

Here is a snippet I took of the log:

a következő helyen: System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal)<br />
a következő helyen: System.Number.ParseDecimal(String value, NumberStyles options, NumberFormatInfo numfmt)<br />
Parsing hand: <br />
<?xml version="1.0" encoding="utf-16"?><br />
<HandDetails SiteName="Poker

When I display that in a table, it's all messed up. I tried using hmtlentities and htmlspecialchars, but both of those print hidden <br /> tags and the <br /> doesn't work, so no line breaks are displayed. Any ideas what the best approach is?

I was thinking of looking for the opening and closing <> and then replacing them with [], but I'm not sure if there would be side affects, and I sometimes don't have the ending one because I take a snippet of 600 or so lines of code, so it can be cut off at any point

I don't mind altering the data, it doesn't have to display 100% as is (FWIW, it inserts into the database without issue; it's when I echo it out that the problem occurs).

//NEW EDIT WITH MORE INFO

Ok so i looked at the source code and it shows this:

<td>   at System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean enableRenderTarget, Nullable`1 channelSet)&lt;br /&gt;
   at System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean enableRenderTarget)&lt;br /&gt;
   at System.Windows.Interop.HwndTarget.UpdateWindowPos(IntPtr lParam)&lt;br /&gt;
   at System.Windows.Interop.HwndTarget.HandleMessage(WindowMessage msg, IntPtr wparam, IntPtr lparam)&lt;br /&gt;
   at System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr hwnd, Int32 msg, IntPtr wP</td>

My code for outputting it is pretty simple:

$result1 = mysql_query($feedback_query_first);

    while ($row1 = mysql_fetch_array($result1))
    {
    $first_date = $row1['snippet_date'];
    $snippet_text_pre = $row1['snippet_text'];
    $snippet_text = htmlspecialchars($snippet_text_pre);
    }

    echo '<td>'. $snippet_text.'</td>';

If i remove htmlspecialchars then i get the original problem with xml messing everything up but the formatting is fine, line breaks etc are observed, when i leave it there i get the
inserted as text with no line breaks?????

Solution

  • htmlspecialchars doesn't "print hidden <br /> tags". Take a closer look at the generated HTML ("View Source" in your browser) and see what exactly is causing the problem.