|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #45253 SimpleXML interface inconsistent
Submitted: 2008-06-12 21:31 UTC Modified: 2008-11-13 01:00 UTC
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (50.0%)
From: erudd at netfor dot com Assigned:
Status: No Feedback Package: Documentation problem
PHP Version: 5.2.6 OS: Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2008-06-12 21:31 UTC] erudd at netfor dot com
Referencing bug #44458

Where in the documentation does it state that the strings must be escaped when setting attributes or assigning values to children. I can find it nowhere in the documentation, nor any examples where you show that you "must escape text content" before entering it into the attribute or text content of an element.

Also this behavior is inconsistent behavior as when you fetch the data it is NOT escaped. So why should I need to escape the data when putting it in?

This makes simpleXML not so simple as I have to perform extra "unexpected" work while storing data into the xml document.  Which I do not have to do with the DOM extension.

Consistency should be high priority in this.. I should expect to retrieve the same value out that I put in. the SimpleXML class should handle encoding and decoding data for me so "I" don't have to think about it.

Reproduce code:
$sxml=new SimpleXMLElement('<test></test>');
$sxml->addChild('child1','One & Two');
echo "Test 1:".(string)$sxml->child1."\n";

$sxml->addChild('child2','One &amp; Two');
echo "Test 2:".(string)$sxml->child2."\n";

$sxml->child3 = 'One &amp; Two';
echo "Test 3:".(string)$sxml->child3."\n";

Expected result:
Test 1:One & Two
Test 2:One &amp; Two
Test 3:One &amp; Two

Actual result:
Test 1:One 
Test 2:One & Two
Test 3:One & Two


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2008-06-12 21:46 UTC] erudd at netfor dot com
The XMLWriter extension escapes my input for me as expected instead of requiring me to escape the input first.
 [2008-06-13 00:50 UTC] maito dot gai at gmail dot com
You can have simplicity or completeness, but you can't have them both at the same time. SimpleXML offers simplicity through its magic method ($sxml->child) and completeness through addChild().

If you don't want to bother with escaping, use
   $sxml->child1 = 'One & Two';

If you need to bypass escaping, use
   $sxml->addChild('child1', 'One &amp; Two');

Without addChild(), or if addChild() was identical to the magic method, it would be impossible to use XML entities, eg &#160; would need to be replaced by the actual character if the document's encoding. And if that character was not available in that encoding (or charset, rather) then it would simply be impossible to use.

That's why addChild()'s behaviour is both desirable and needed.
 [2008-06-13 01:40 UTC] erudd at netfor dot com
However when I do 
$xml->child = 'One & Two';

it does not work it results in 

echo (string)$xml->child;

printing "One ";

As I tried doing that to see if it was just the "function" being ODD or the whole SimpleXML.

Basically this behavior has made simpleXML useless to me now.  I either have to use the standard DOM interface, use XMLWriter (which I ended up rewriting the code that had this issue to use XMLWriter instead).  OR write my own wrapper class around simpleXML that does the same behavior with respect to escaping that the rest of the XML APIs in PHP do.
 [2008-06-13 15:50 UTC] maito dot gai at gmail dot com
That's not SimpleXML's normal behaviour, and I couldn't reproduce it on PHP 5.2.6-pl1-gentoo (cli) (built: May 26 2008 02:58:50) + libxml 2.6.31

Check out your PHP version and libxml version, perhaps you're unknowingly running an older release.

Reproduce code:
$sxml=new SimpleXMLElement('<test></test>');

$sxml->child1 = 'One & Two';
echo $sxml->child1, "\n";

$sxml->child1 = 'One &amp; Two';
echo $sxml->child1, "\n";

Actual result:
One & Two
One &amp; Two
 [2008-06-13 19:50 UTC] erudd at netfor dot com
OK.. that code works fine on PHP 5.2.4, 5.2.5, and 5.2.6. However if you don't predefine the element and update it's contents it was expecting it to be "escaped".  Which is fixed on my fresh build of 5.2.6. (though wasn't clearly documented in the changelog (bug #44478))

(I have multiple version of PHP, that I'm unifying up to current).

Still,  this behavior is not documented in the documentation.

Should I file a new bug on the documentation to have it updated? or just switch this one to "Add* methods for simpleXML need documentation updated to show that input needs to be xml entity encoded"?
 [2008-06-13 20:08 UTC] erudd at netfor dot com
Is addAttribute supposed to work the same way as addChild?? As currently it does not (tested in 5.2.5 and 5.2.6)


$xml = new SimpleXmlElement('<test/>');
$xml['attribute'] = "my val";

does not work it throws an error (5.2.6) claiming that the "objects don't support array access operators".
 [2008-11-05 15:55 UTC]
Please describe what exactly should be documented.
 [2008-11-13 01:00 UTC] doc-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Thu May 23 23:01:26 2019 UTC