MySQLi prepared statements to XML output

Guys, I’m a total newb when it comes to PHP and even more so when it comes to prepared statements. It took me forever to get my head around getting data out of MySQL and then getting PHP to spit it out in XML format. Having accomplished this major feat, my heart sank when I discovered that it was not secure and that prepared statements were the way to go. So, armed with that, I searched and searched for an answer to the XML output equivalent in prepared statements. It doesn’t help that I don’t actually know what I’m looking for either! So, given that I know nothing, can someone please advise me on how I would take my existing query and transpose it into prepared statement speak before I pull all my hair out…

$xml          = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
$root_element = "cities";
$table        = "city";                       // element name used to wrap each row
$xml         .= "<$root_element>\n";

$countryInitial = $_POST['countryInitial'];
// This is the insecure version the question is about: the POST value is
// interpolated straight into the SQL string, so it can alter the query.
$sql = mysqli_query($con, "SELECT cityID, cityName FROM city WHERE cityCountryInitial ='$countryInitial'");

if (mysqli_num_rows($sql) > 0) {
    while ($sql_array = mysqli_fetch_assoc($sql)) {
        $xml .= "<" . $table . ">\n";

        // loop through each key,value pair in row
        foreach ($sql_array as $key => $value) {
            // $key holds the table column name
            $xml .= "<$key>";

            // embed the SQL data in a CDATA element to avoid XML entity issues
            $xml .= "<![CDATA[$value]]>";

            // and close the element
            $xml .= "</$key>\n";
        }

        $xml .= "</" . $table . ">\n";
    }
}

// close the root element
$xml .= "</$root_element>";

// send the xml header to the browser
header("Content-Type:text/xml");

// output the XML data
print $xml;

Thanking you in advance - a very deflated learner

You’ll want to take a look at prepared statements. Basically, you write the query, put in a placeholder for the values you are using in the query, then bind the placeholder values with the actual values you are running the query with.

http://www.php.net/manual/en/mysqli.prepare.php
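To make the three steps in that answer concrete, here is the original city query rewritten as a mysqli prepared statement. This is an added example, not code from the poster or the person answering. It keeps the procedural mysqli style of the question and assumes the same things the original code did: an open connection in $con, a table named city with columns cityID, cityName and cityCountryInitial, and the country initial arriving in $_POST['countryInitial'].

```php
<?php
// Added example, not from the original post: the city lookup done with a
// mysqli prepared statement, then emitted as XML.
// Assumed: $con is an open mysqli connection; table city has columns
// cityID, cityName, cityCountryInitial (as in the original query).

// Make mysqli throw on errors instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Untrusted input. It is never pasted into the SQL text, only bound below.
$countryInitial = isset($_POST['countryInitial']) ? (string) $_POST['countryInitial'] : '';

// Step 1: write the query with a ? placeholder where the value goes.
$stmt = mysqli_prepare($con, "SELECT cityID, cityName FROM city WHERE cityCountryInitial = ?");

// Step 2: bind the PHP variable to the placeholder ("s" = string).
// The server receives the SQL text and the value separately, so whatever
// the user typed (quotes, "OR 1=1", comments) is only ever compared as data.
mysqli_stmt_bind_param($stmt, "s", $countryInitial);

// Step 3: execute, and bind the result columns to PHP variables.
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $cityID, $cityName);

// Build the XML with DOMDocument rather than string concatenation, so a city
// name containing "<", "&" or "]]>" is escaped for you instead of producing
// malformed (or attacker-shaped) XML. SQL injection and XML injection are
// separate problems; the prepared statement only fixes the first.
$doc  = new DOMDocument('1.0', 'UTF-8');
$root = $doc->appendChild($doc->createElement('cities'));

while (mysqli_stmt_fetch($stmt)) {
    $city = $root->appendChild($doc->createElement('city'));
    $city->appendChild($doc->createElement('cityID'))
         ->appendChild($doc->createTextNode((string) $cityID));
    $city->appendChild($doc->createElement('cityName'))
         ->appendChild($doc->createTextNode($cityName));
}

mysqli_stmt_close($stmt);

// Send the XML to the browser.
header('Content-Type: text/xml; charset=UTF-8');
echo $doc->saveXML();
```

Two things worth checking in your own version: the placeholder must stand in for a whole value (a `?` cannot replace a table or column name, so those still have to be hard-coded), and a prepared statement protects the database, not the XML; if you keep building the output by concatenating strings, the CDATA wrapper still breaks the moment a value contains `]]>`, which is why the example lets DOMDocument do the escaping.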