Thread: XML feed PHP

    #1
  1. A Change of Season
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    2,687
    Rep Power
    171

    XML feed PHP


    Hi

    Is this ok to escape and use header like this?

    It is a very simple structure so I didn't bother using SimpleXML.

    PHP Code:
    class Feed extends CI_Controller {

        private $deals = '';

        public function index()
            {
                header("Content-type: text/xml; charset=utf-8");
                $this->load->model('model_hotels');
                $this->deals = $this->model_hotels->all_deals();

                // The XML declaration has to be closed with "?>"
                $xml = '<?xml version="1.0" encoding="UTF-8"?>';
                // Append with .= so the declaration is not overwritten
                $xml .= "<deals>";

                foreach($this->deals as $val=>$row)
                    {
                            // PDDID is written into the id attribute without escaping
                            $xml.= "    <deal id=\"".$row['PDDID']."\">";
                            // Element text goes through CodeIgniter's html_escape() helper
                            $xml.= "        <property>".html_escape($row['hotelname'])."</property>";
                            $xml.= "        <location>".html_escape($row['location'])."</location>";
                            $xml.= "        <nights>".html_escape($row['nights'])."</nights>";
                            $xml.= "        <inclusions>".html_escape($row['deal_inclusions'])."</inclusions>";
                            $xml.= "        <conditions>".html_escape($row['conditions'])."</conditions>";
                            $xml.= "        <redemption>".html_escape($row['redemption'])."</redemption>";
                            $xml.= "    </deal>";
                        }
                $xml.="</deals>";

                echo $xml;
            }

    }
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Is there any reason why you're not using a view? Hard-coding XML into a controller sounds like the last thing I'd wanna do. Sure, it's probably just a quick hack, but that's no excuse for breaking MVC.

    Also, according to the manual, CodeIgniter has an Output Class for setting headers.

    Why are you using a nonstandard format for the feed? How is the reader supposed to parse the data? And why do you not escape $row['PDDID']?
    The 6 worst sins of security • How to (properly) access a MySQL database with PHP

    Why can't I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  4. #3
  5. A Change of Season
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    2,687
    Rep Power
    171
    Originally Posted by Jacques1
    Is there any reason why you're not using a view? Hard-coding XML into a controller sounds like the last thing I'd wanna do. Sure, it's probably just a quick hack, but that's no excuse for breaking MVC.

    Also, according to the manual, CodeIgniter has an Output Class for setting headers.

    Why are you using a nonstandard format for the feed? How is the reader supposed to parse the data? And why do you not escape $row['PDDID']?
    All valid points.
    Thanks
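
The escaping question raised in reply #2, as an added example that is not part of any post in the thread: the same feed built with PHP's XMLWriter, which escapes the `id` attribute and the element text itself, followed by a round-trip parse of a constructed row. It is stand-alone PHP (no CodeIgniter) and assumes the xmlwriter and dom extensions; `build_deals_feed()` and the sample values are hypothetical.

```php
<?php
// Added example, not the poster's code. XMLWriter escapes attribute values
// and text nodes, so no field is concatenated into the markup raw.
function build_deals_feed(array $deals): string
{
    // Database column => element name, taken from the original post.
    $fields = ['hotelname' => 'property', 'location' => 'location',
        'nights' => 'nights', 'deal_inclusions' => 'inclusions',
        'conditions' => 'conditions', 'redemption' => 'redemption'];
    $w = new XMLWriter();
    $w->openMemory();
    $w->setIndent(true);
    $w->startDocument('1.0', 'UTF-8');
    $w->startElement('deals');
    foreach ($deals as $row) {
        $w->startElement('deal');
        $w->writeAttribute('id', (string) $row['PDDID']);
        foreach ($fields as $column => $element) {
            $w->writeElement($element, (string) $row[$column]);
        }
        $w->endElement(); // </deal>
    }
    $w->endElement(); // </deals>
    $w->endDocument();
    return $w->outputMemory();
}

// Constructed row: the values carry characters that are significant in XML.
$deals = [[
    'PDDID'           => '12"a&b',
    'hotelname'       => 'Bed & Breakfast <Harbour>',
    'location'        => 'Next Door',
    'nights'          => '3',
    'deal_inclusions' => 'Breakfast & "late" checkout',
    'conditions'      => 'Stay < 7 nights',
    'redemption'      => 'Quote code A&B',
]];
$xml = build_deals_feed($deals);
// Round-trip check: the feed must parse and give back the input values.
$doc = new DOMDocument();
if (!$doc->loadXML($xml)) {
    throw new RuntimeException('feed is not well-formed');
}
$deal = $doc->getElementsByTagName('deal')->item(0);
$name = $deal->getElementsByTagName('property')->item(0)->textContent;
if ($deal->getAttribute('id') !== $deals[0]['PDDID'] || $name !== $deals[0]['hotelname']) {
    throw new RuntimeException('round trip changed a value');
}
echo $xml;
```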
