views:

262

answers:

2

Hi,

I have a simple PHP-based XSLT trasform code that looks like that:

$xsl = new XSLTProcessor();
$xsl->registerPHPFunctions();
$xsl->setParameter("","searchterms", $searchterms);
$xsl->importStylesheet($xslDoc);
echo $xsl->transformToXML($doc);

The code passes the variable $searchterms, which contains a string, as a parameter to the XSLT style sheet which in turns uses it as a text:

<title>search feed for <xsl:value-of select="$searchterms"/></title> 

This works fine until you try to pass a string with mixes in it, say:

$searchterms = '"some"'." text's quotes are mixed."

In that point the XSLT processor screams:

Cannot create XPath expression (string contains both quote and double-quotes)

What is the correct way to safely pass arbitrary strings as input to XSLT? Note that these strings will be used as a text value in the resulting XML and not as an XPATH paramater.

Thanks, Boaz

A: 

if your final output is HTML you could try htmlencoding it. As long as entities are set in stylesheet should be OK

Shaun Hare
A: 

You could use &apos; to escape the single quotes:

$searchterms = '"some" text&apos;s quotes are mixed.'
Jan Willem B