Corrected previous comment!
Note that $content is automatically sanitized/escaped:
> into >
< into <
& into &
" into "
However, single quotes stay unescaped! This is major drawback, if you're creating sitemaps. To fix that and to prevent double escaping, you will need to use XMLWriter::writeRaw or extend the XMLWriter class and escape the content yourself with i.e.
<?php
$content = htmlspecialchars($content, ENT_QUOTES | ENT_XML1, 'UTF-8');
?>
XMLWriter::text or XMLWriter::writeElement would double escape ' and result in &apos;
XMLWriter::text
xmlwriter_text
(PHP 5 >= 5.1.2, PHP 7, PECL xmlwriter >= 0.1.0)
XMLWriter::text -- xmlwriter_text — Write text
Description
Object oriented style
XMLWriter::text
( string
$content
) : boolProcedural style
xmlwriter_text
( resource
$xmlwriter
, string $content
) : boolWrites a text.
Parameters
-
xmlwriter -
Only for procedural calls. The XMLWriter resource that is being modified. This resource comes from a call to xmlwriter_open_uri() or xmlwriter_open_memory().
-
content -
The contents of the text. The characters
<,>,&and"are written as entity references (i.e.<,>,&and", respectively). All other characters including'are written literally. To write the special XML characters literally, or to write literal entity references, xmlwriter_write_raw() has to be used.
Return Values
Returns TRUE on success or FALSE on failure.
add a note
User Contributed Notes 2 notes
luku at example dot com ¶
6 years ago
luku at example dot com ¶
6 years ago
Note that $content is automatically sanitized/escaped:
> into >
< into <
& into &
" into "
However, single quotes stay unescaped! This is major drawback, if you're creating sitemaps. You need to escape ' into ' before passing it to XMLWriter::text or XMLWriter::writeElement or extend the XMLWriter class.
