evilprofessorDesigns

I’ve come up with a problem recently returning data via an XML feed using AJAX. In my case I was returning a list of images each having several links to perform various tasks (e.g. set as main image, add as thumbnail, add full image, etc).

The first load would go through fine and all images and their links would appear as I’d expect. There was also no problems in IE7, Safari (on Windows), or Opera 9+. When it came to Firefox 2 the image list would be cut short! Editing the javascript it basically seems that the returned data would be cut off at 4096 characters.

It took a while to track down the result. I thought initially this might of been a javascript maximum string length problem, but that other browsers just let the issue slip. Not that either. Anyway it turns out that text nodes are split at 4096 characters.

It’s quite simple to fix you simply need to normalise() your returned data in your AJAX script. Simply add the second line once you’ve gathered your XML data:

xmlResponse = xmlHttp.responseXML;
xmlResponse.normalize();

This will solve the 4096 character limit when using Firefox 2 or any other browser I haven’t checked that doesn’t normalise the data automatically.

A quick and easy way to protect yourself from mySQL injection attacks in PHP is to use…

$sql = "insert into table set ";
 foreach ($_POST as $key => $data)
 {
     $sql .= $key." = '".strip_tags(htmlentities(addslashes($data)))."',";
 }
 $sql .= mysql_query(rtrim($sql,',').";") or die(mysql_error());

What this script does is to take your $_POST data and remove anything malicious from it. Looping over the $_POST data we build up an SQL statement. At the end then we simply execute using with mysql_query.

NOTE: This does not validate your data, it just helps prevent malicious attacks.

Another version of this that I use to to grab all my form information into variables to to place the following code within the foreach loop instead…

eval("$".$key." = '".strip_tags(htmlentities(addslashes($data)))."';");

This makes up a list of variables following your forms field names and strips malicious code from them. This method then allows you to do some form validation before inserting data into your tables

I’ve used my RSS feed generator on a few sites now, so I figure it’s about time I share. The final output validates and conforms to RSS2.0 standards so it will import into most things. I’ve even got mine linked to my facebook profile. The full code is at the bottom of the page.

Basically I use my RSS script to generate news feeds for the sites that I write. Examples can be seen on these sites,

• Cardiff Scuba RSS Feed,
• Seraph Estates RSS Feed.

But generally you can use the feed generator to serve any information you wish. For example would be the results of a search query where the query variables can be picked up from $_GET[]’s $_POST[]’s.

Anyway a question a friend asked me was “What’s the Point in RSS” good question! Click on the link to find out

Right anyway onto the script. Firstly we need to tell the browser or news-aggregator that it’s looking at a rss:xml feed,

It’s at this point that I usually set up my database connection and link to the information I require so usually it’ll be something like,

I limit to 50 as no one wants to see 1000’s of posts going back years and years unless they specifically ask for it Then we start writing out the ‘introduction’ part of the feed,

Then we loop through our items (in this case news articles) printing the data out to our xml file,

Remember for our RSS feed all text should be UTF-8 encoded so we include a little function to do this,

Then it’s just a simple case of closing down our xml tree and we’re all done,

Pretty painless wasn’t it And you can use these feeds to output anything of use. If someone is returning to your site to check for updated information should it be course dates, news items, forum posts, blog entries, even property searches it can all be done using RSS feeds.

Here’s the entire script: