0

I can't seem to figure out how to save an XML file that I generated with the DOM objects to my database..

Here is my PHP:

$xmlraw = $doc->saveXML();

$xmlQuery=sprintf("INSERT INTO xmlTestTable (XMLString) VALUES ('%s')", $xmlraw); 

$result = mysql_query($xmlQuery);

I also tried:

$xmlQuery=sprintf("INSERT INTO xmlTestTable (XMLString) VALUES ('%s')", $doc->saveXML()); 

$result = mysql_query($xmlQuery);

Where $doc is the XML Document I created.

I am able to see the XML output in my browser when I do this:

echo $doc->saveXML();

There are no errors being outputted or anything...

My MySQL Column that this is being injected into is 'Long Text'

Thank you in advance!!

Improve this question
0

2 Answers 2

Reset to default
4

First of all, you need to get the XML string, using, as you guessed, the saveXML() method :

$xmlraw = $doc->saveXML();


Then, you need to insert this value ; but you must escape it properly !

Escaping a string to inject it into an SQL query is something you'll do using the specific function that's provided by the API you're using to connect to your database -- as you are using mysql_* functions, you'll use mysql_real_escape_string()

$escapedString = mysql_real_escape_string($xmlraw);


Now, you have the string you can inject into your SQL query :

$query = "INSERT INTO xmlTestTable (XMLString) VALUES ('$escapedString')";

You can also use sprintf, like you did, of course.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Please escape the xml with mysql_real_escape_string - this will fix your problem, and it will save you from sql injection attacks.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.