Execute a Xquery with PHP

How to use Saxon/C to execute an XQuery from PHP?

The PHP API documentation on Saxon/C has what you need:


Also check out the examples in the samples directory in the download zip file. See the file xqueryExamples.php

Escaping input for insertion into XQuery string

Don't dynamically construct queries if you don't have to, you'll have to put lots of effort into escaping to prevent code injections (and still might overlook a parameter somewhere). Consider using externally bound variables instead, which can be compared to prepared statements in SQL.

As you seem to use BaseX and PHP, this is an example for the BaseX PHP binding:

// create query instance
$input = 'declare variable $name external; for $i in 1 to 10 return element { $name } { $i }';
$query = $session->query($input);
// bind variable
$query->bind("name", "number");
// print results
print $query->execute()."\n";

If you're using another interface to BaseX, registering external variables should be possible with all of them. Other XQuery implementations should also provide similar mechanics to bind variables, external variables are officially XQuery standard.

prepare and execute in one method

Found the bug... xquery() should return $sth

public function xquery($sql){
if(($sth = $this->prepare($sql)) === false){
$error_arr = $this->errorInfo();
$this->error .= '<span title="error_code:'.$error_arr[0].'">(prepare) '.$error_arr[1].':'.$error_arr[2].'</span>';

if($sth->execute() === false){
$error_arr = $sth->errorInfo();
$this->error .= '<span title="error_code:'.$error_arr[0].'">(execute) '.$error_arr[1].':'.$error_arr[2].'</span>';

return $sth;

Using curl to load an xsl page returns an actual cardinality error

My immediate guess is that your Java app is expecting the User-Agent header to be set. Since Curl does not send a User-Agent header by default, you will need to set one. Try adding this above your option to set CURL_TIMEOUT_m2.


If for some reason it does not like that User-Agent string, you might want to try using one from an actual browser.


Per your edit, this is because you've typoed the curl timeout constant. It should be CURLOPT_TIMEOUT_MS not CURLOPT_TIMEOUT_m2.

Related Topics

Leave a reply