This is part of function controller:
public function generate_google_post()
{
$query = $this->sitemap_model->get_all_products();
foreach ($query as $row) {
$xml .= '<item>
<g:id>'.$row['id'].'</g:id>
</item>';
}
echo $xml;
}
From view.php
In above function I can submit to controller and generate correct XML file with data from mysql.
Issue start from here:
now I want do some customization to write xml content directly in storefront (view) and then call input data to controller and generate xml.
For this I try:
public function generate_google_post2()
{
$xml = '<channel>';
$query = $this->sitemap_model->get_all_products();
foreach ($query as $row) {
$xml .= $this->input->post('add-list');
}
$xml .= '</channel>';
header('Content-type: text/xml');
header('Content-Disposition: attachment; filename="file.xml"');
echo $xml;
}
}
and in view page I try:
<?php echo form_open('sitemap_controller/generate_google_post2'); ?>
<textarea name="add-list" id="add-list" rows="10" cols="75"> </textarea>
<button type="submit" name="process" value="generate" style="margin-bottom: 5px;"><?php echo trans('download_feed'); ?></button>
<?php echo form_close(); ?><!-- form end -->
and now in storefront text area form I try post:
<item>
<gid>'.$row['id'].'</gid>
</item>
XML file generate sucess but the problem is I get output XML:
<channel> <item>
<gid>'.$row['id'].'</gid>
</item> <item>
<gid>'.$row['id'].'</gid>
</item> </channel>
So missing data from mysql. Is any way post from text are and in this way get data from database and then generate to xml ?
I try add if($_POST)
then $query = $this->sitemap_model->get_all_products();
and
foreach ($query as $row) {
$xml .= $this->input->post('add-list');
}
But this not resolved this issue. Full code:
public function generate_google_post2()
{
if($_POST){
$id = $this->input->post('add-list');
$query = $this->sitemap_model->get_all_products();
$xml = '<channel>';
foreach ($query as $row) {
$xml .= $this->input->post('add-list');
}
$xml .= '</channel>';
header('Content-type: text/xml');
header('Content-Disposition: attachment; filename="file.xml"');
echo $xml;
}
}
CodePudding user response:
The $row
variable is being interpreted as text. You wouldn't want to do this anyway as you would be very vulnerable to malicious code submitted in the form. Essentially you are trying to provide some template to the backend to fill with data.
Provide a placeholder in your form.
<item><gid>{id}</gid></item>
In your foreach loop, replace the placeholder with your data.
$template = $this->input->post('add-list');
// Replace your placeholder
$template = str_replace('{id}', $row['id'], $template);
$template = str_replace('{title}', $row['title'], $template);
$template = str_replace('{sku}', $row['sku'], $template);
$template = str_replace('{somethingelse}', $row['thing'], $template);
$xml .= $template;
Anyone who uses this form who is not you would need to be instructed what specific text to use as the placeholder. So you would need to know, or control, what placeholders the user enters.
You could control the placeholders on the front end with buttons that insert the text on the cursor. https://jsfiddle.net/xhgk8cz7/1/