XML php for google maps: error on line .. at column ..: EntityRef: expecting ';'

Question

I used to have a good working XML file on my site (source for a google map). Until a few days ago got this error:

This page contains the following errors: error on line 2 at column 10896: EntityRef: expecting ';' Below is a rendering of the page up to the first error.

I have not made changes to the php file in that time period. Also did some database checks, all seems to be in order (the database connection is working fine).

I read that a common cause for this is using & instead of &amp. But in the parseToXML there is a replace function for that, so that couldn't be the cause I was thinking.

Any tips?

Thank you!

Mark

require("credentials.php");

function parseToXML($htmlStr)
{
    $xmlStr=str_replace('<','&lt;',$htmlStr);
    $xmlStr=str_replace('>','&gt;',$xmlStr);
    $xmlStr=str_replace('"','&quot;',$xmlStr);
    $xmlStr=str_replace("'",'&#39;',$xmlStr);
    $xmlStr=str_replace("&",'&amp;',$xmlStr);
    return $xmlStr;
}

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 

$sql = "SELECT id, name, address, lat, lng, descrip FROM people";
$result = $conn->query($sql);

header("Content-type: text/xml");

// Start XML file, echo parent node
echo '<markers>';
$ind=0;
// Iterate through the rows, printing XML nodes for each
 while($row = $result->fetch_assoc()) {
     // Add to XML document node
     echo '<marker ';
     echo 'id="' . $row['id'] . '" ';
     echo 'name="' . parseToXML($row['name']) . '" ';
     echo 'address="' . parseToXML($row['address']) . '" ';
     echo 'lat="' . $row['lat'] . '" ';
     echo 'lng="' . $row['lng'] . '" ';
     echo 'descrip="' . $row['descrip'] . '" ';
     echo '/>';
     $ind = $ind + 1;
 }

// End XML file
echo '</markers>';

Answer 1

Rather than manually writing out a string it is far easier and more reliable to generate your XML using the various tools designed for the job. PHP has the DOMDocument class which makes tasks like this very straightforward and requires fewer lines of code too ;-/ It also has the benefit of not stuttering if the text content contains chevrons or other characters

<?php
    require 'credentials.php';
    $conn = new mysqli( $servername, $username, $password, $dbname );

    $sql = 'select id, name, address, lat, lng, descrip from people';
    $result = $conn->query( $sql );
    
    
    # generate new DOMDocument & set properties
    $dom = new DOMDocument;
    $dom->formatOutput = true;
    $dom->xmlStandalone = true;
    
    # create the root node and add to the DOM
    $root=$dom->createElement('markers');
    $dom->appendChild( $root ); 
    
    # for convenience it is quicker to iterate through this array to generate attributes
    # thse correspond to the column names / aliases from the sql query
    $attribs=[ 'id', 'name', 'address', 'lat', 'lng', 'descrip' ];
    
    # iterate through recordset, generate new node for each record
    while( $row = $result->fetch_object() ) {
        #add the new node to DOM
        $marker=$dom->createElement('marker');
        $root->appendChild( $marker );
        
        #add attributes
        foreach( $attribs as $attr ){
            $marker->setAttribute( $attr, $row->$attr );
        }
    }
    
    #save or echo?
    header('Content-Type: text/xml');
    echo $dom->saveXML();
    
    #$dom->save('/path/to/file.xml');
?>

Answer 2

@CBroe @Kevin, wow great that you spotted this. Indeed found out in the last few days, an entry in the database was made. An user added that day a text in the descrip field, that contained the & symbol. That killed the XML file output. I now applied parseToXML as well to that descrip line and that fixed the problem.

@Nigel Ren and all, would agree that what I am using now is a bit wonky. Open and honoust, would describe my entire website setup as "wonky" :-). Will look into your suggestions though, for further improvements. For now, thanks so much all!