help with htmlspecialchars validation function

General PHP Help
#1

I know my code is messy but I am still learning. I don’t really have the time right now to rewrite the code right now but I will when I get a chance which I know will help but bascially all I want to do is use the php function htmlspecialchars on my section of code where the post data is for each zone value. The reason is this xml file is being imported into excel and its throwing errors for each zone value if it happens to contain an ampersand.

[php]<?php
$myFile = “{$_POST[‘Last_Name’]}-{$_POST[‘Request_Number’]}.xml”;
$fh = fopen($myFile, ‘w’) or die(“can’t open file”);
$stringData = "<?xml version='1.0' encoding='windows-1250'?>

{$_POST[‘Request_Number’]}
{$_POST[‘Company’]}
{$_POST[‘First_Name’]}
{$_POST[‘Last_Name’]}
{$_POST[‘Phone’]}
{$_POST[‘Fax’]}
{$_POST[‘Email’]}

{$_POST['Address']} {$_POST['City']} {$_POST['State']} {$_POST['Zipcode']} {$_POST['Project_Name']} {$_POST['Project_Zipcode']} {$_POST['Ease_of_Installation']} {$_POST['Performance']} {$_POST['Start_Date']} {$_POST['Installer_Level']} {$_POST['Heatsource']} {$_POST['Overall_structure_insulation']} {$_POST['Comments']} {$_POST['Zone_Name']} {$_POST['Zone_Name2']} {$_POST['Zone_Name3']} {$_POST['Zone_Name4']} {$_POST['Zone_Name5']} {$_POST['Zone_Name6']} {$_POST['Zone_Name7']} {$_POST['Zone_Name8']} {$_POST['Zone_Name9']} {$_POST['Zone_Name10']} {$_POST['Design_Temperature']} {$_POST['Design_Temperature2']} {$_POST['Design_Temperature3']} {$_POST['Design_Temperature4']} {$_POST['Design_Temperature5']} {$_POST['Design_Temperature6']} {$_POST['Design_Temperature7']} {$_POST['Design_Temperature8']} {$_POST['Design_Temperature9']} {$_POST['Design_Temperature10']} {$_POST['Snow_Melting']} {$_POST['Snow_Melting2']} {$_POST['Snow_Melting3']} {$_POST['Snow_Melting4']} {$_POST['Snow_Melting5']} {$_POST['Snow_Melting6']} {$_POST['Snow_Melting7']} {$_POST['Snow_Melting8']} {$_POST['Snow_Melting9']} {$_POST['Snow_Melting10']} {$_POST['Tubing']} {$_POST['Tubing2']} {$_POST['Tubing3']} {$_POST['Tubing4']} {$_POST['Tubing5']} {$_POST['Tubing6']} {$_POST['Tubing7']} {$_POST['Tubing8']} {$_POST['Tubing9']} {$_POST['Tubing10']} {$_POST['Type_of_Installation']} {$_POST['Type_of_Installation2']} {$_POST['Type_of_Installation3']} {$_POST['Type_of_Installation4']} {$_POST['Type_of_Installation5']} {$_POST['Type_of_Installation6']} {$_POST['Type_of_Installation7']} {$_POST['Type_of_Installation8']} {$_POST['Type_of_Installation9']} {$_POST['Type_of_Installation10']} {$_POST['Slab_Thickness']} {$_POST['Slab_Thickness2']} {$_POST['Slab_Thickness3']} {$_POST['Slab_Thickness4']} {$_POST['Slab_Thickness5']} {$_POST['Slab_Thickness6']} {$_POST['Slab_Thickness7']} {$_POST['Slab_Thickness8']} {$_POST['Slab_Thickness9']} {$_POST['Slab_Thickness10']} {$_POST['Thin_Slab']} {$_POST['Thin_Slab2']} {$_POST['Thin_Slab3']} {$_POST['Thin_Slab4']} {$_POST['Thin_Slab5']} {$_POST['Thin_Slab6']} {$_POST['Thin_Slab7']} {$_POST['Thin_Slab8']} {$_POST['Thin_Slab9']} {$_POST['Thin_Slab10']} {$_POST['Over_Subfloor']} {$_POST['Over_Subfloor2']} {$_POST['Over_Subfloor3']} {$_POST['Over_Subfloor4']} {$_POST['Over_Subfloor5']} {$_POST['Over_Subfloor6']} {$_POST['Over_Subfloor7']} {$_POST['Over_Subfloor8']} {$_POST['Over_Subfloor9']} {$_POST['Over_Subfloor10']} {$_POST['Joist_Spacing']} {$_POST['Joist_Spacing2']} {$_POST['Joist_Spacing3']} {$_POST['Joist_Spacing4']} {$_POST['Joist_Spacing5']} {$_POST['Joist_Spacing6']} {$_POST['Joist_Spacing7']} {$_POST['Joist_Spacing8']} {$_POST['Joist_Spacing9']} {$_POST['Joist_Spacing10']} {$_POST['Subfloor']} {$_POST['Subfloor2']} {$_POST['Subfloor3']} {$_POST['Subfloor4']} {$_POST['Subfloor5']} {$_POST['Subfloor6']} {$_POST['Subfloor7']} {$_POST['Subfloor8']} {$_POST['Subfloor9']} {$_POST['Subfloor10']} {$_POST['Area']} {$_POST['Area2']} {$_POST['Area3']} {$_POST['Area4']} {$_POST['Area5']} {$_POST['Area6']} {$_POST['Area7']} {$_POST['Area8']} {$_POST['Area9']} {$_POST['Area10']} {$_POST['Window_Area']} {$_POST['Window_Area2']} {$_POST['Window_Area3']} {$_POST['Window_Area4']} {$_POST['Window_Area5']} {$_POST['Window_Area6']} {$_POST['Window_Area7']} {$_POST['Window_Area8']} {$_POST['Window_Area9']} {$_POST['Window_Area10']} {$_POST['Wall_Length']} {$_POST['Wall_Length2']} {$_POST['Wall_Length3']} {$_POST['Wall_Length4']} {$_POST['Wall_Length5']} {$_POST['Wall_Length6']} {$_POST['Wall_Length7']} {$_POST['Wall_Length8']} {$_POST['Wall_Length9']} {$_POST['Wall_Length10']} {$_POST['Door_Area']} {$_POST['Door_Area2']} {$_POST['Door_Area3']} {$_POST['Door_Area4']} {$_POST['Door_Area5']} {$_POST['Door_Area6']} {$_POST['Door_Area7']} {$_POST['Door_Area8']} {$_POST['Door_Area9']} {$_POST['Door_Area10']} {$_POST['Ceiling_Height']} {$_POST['Ceiling_Height2']} {$_POST['Ceiling_Height3']} {$_POST['Ceiling_Height4']} {$_POST['Ceiling_Height5']} {$_POST['Ceiling_Height6']} {$_POST['Ceiling_Height7']} {$_POST['Ceiling_Height8']} {$_POST['Ceiling_Height9']} {$_POST['Ceiling_Height10']} {$_POST['Heated_Above']} {$_POST['Heated_Above2']} {$_POST['Heated_Above3']} {$_POST['Heated_Above4']} {$_POST['Heated_Above4']} {$_POST['Heated_Above6']} {$_POST['Heated_Above7']} {$_POST['Heated_Above8']} {$_POST['Heated_Above9']} {$_POST['Heated_Above10']} {$_POST['Heated_Below']} {$_POST['Heated_Below2']} {$_POST['Heated_Below3']} {$_POST['Heated_Below4']} {$_POST['Heated_Below5']} {$_POST['Heated_Below6']} {$_POST['Heated_Below7']} {$_POST['Heated_Below8']} {$_POST['Heated_Below9']} {$_POST['Heated_Below10']} {$_POST['Quote_Baseboard']} {$_POST['Quote_Baseboard2']} {$_POST['Quote_Baseboard3']} {$_POST['Quote_Baseboard4']} {$_POST['Quote_Baseboard5']} {$_POST['Quote_Baseboard6']} {$_POST['Quote_Baseboard7']} {$_POST['Quote_Baseboard8']} {$_POST['Quote_Baseboard9']} {$_POST['Quote_Baseboard10']} {$_POST['Glycol']} {$_POST['Glycol2']} {$_POST['Glycol3']} {$_POST['Glycol4']} {$_POST['Glycol5']} {$_POST['Glycol6']} {$_POST['Glycol7']} {$_POST['Glycol8']} {$_POST['Glycol9']} {$_POST['Glycol10']} {$_POST['Domestic_Hot_Water']} {$_POST['Showers']} {$_POST['Simultaneous_Showers']} {$_POST['Sinks']} {$_POST['Vanities']} {$_POST['Toilets']} {$_POST['Washers']} {$_POST['Spigots']} "; fwrite($fh, $stringData); $stringData = "\n"; fwrite($fh, $stringData); fclose($fh); ?>[/php]
#2

Well, the easiest way is to just use the string replace function and replace the ampersand with a space or
a dash or whatever would fit into the Excel sheet. Something like:

str_replace("&", " ", $_POST[‘Zone_Name’]

Otherwise, you can “escape” it by adding a slash to it. But, normally an ampersand will not throw an error
as it is a valid character. But, if it is being thrown inside of Excel, you might have to look that error up in the
Excel docs.

Not sure as you did not tell us which error your were getting… Hope that helps…

Sponsor our Newsletter | Privacy Policy | Terms of Service