You can enclose text with CDATA if you are concerned about such characters - that works well

PS: I'm using PHP5, creating the XML file in a variable then pushing it to an XSLT file for the layout with some PHP headers to download the file.

Quite a few Word characters (e.g. ` ) also convert to entities. I'm curently find/replacing them for proper characters like '
This is ok right?

Thanks Vince! That sounds like it could be what I need. Tell me, have you ever experienced any unparsed characters breaking/causing problems for the XML document? If not, I think you've just saved my bacon.

My preferred technique is to use a CDATA section to enclose anything that's potentially unfriendly to XML syntax, which really means anything that is user-generated data or human-readable text.

You need to be careful using HTML entities in XML. Here's why.

Say you use PHP's htmlentities() function to turn all your "£" into "£", "©" into "©", ad so on.

For example:

<element>My Business &copy;</element>

They will live comfortably in the XML, and if you're outputting the XML node values on a web page, the browser will display them as £ and ©. Browsers are generally pretty nice about rendering HTML entities.

But the fragment above will not validate, because XML doesn't know what a "©" is. That's an HTML entity, not an XML entity.

So if you're parsing the XML document with PHP's xml_parse(), it'll choke. The reason is the DTD - the built-in XML DTD will have entity declarations for the basic furious five: &, >, <, ", and '. You can include those five entities in any XML document, without worrying about extending the DTD.

But a generic XML document almost certainly won't have a declaration for &uumlaut; or &thorn;. Those are HTML entities, not XML entities. Just as HTML defines a <table> tag, it also defines what &pound; is. That is, HTML knows what a &pound; is, but XML does not.

XML is an open language and you can declare your own entities, like &google; or &myvariable; - they're all legitimate, but they do have to be in the DTD or the parser will judge that your document is invalid.

If you're going to use HTML entities in an XML document, you need to declare all the ones you use, right at the beginning, like so:

<?xml?>
<!ENTITY pound CDATA "&#163;">
<!ENTITY copy CDATA "&#169;">
<rootnode>
<child>
<child>...

If that sounds like an unnecessary inconvenience, that's because it is. You can do it with a custom PHP function [ca3.php.net], but IMHO it's much easier just to use a CDATA container as it's meant to be used.

If you're the only one using your XML output, and you get it doing something useful without it XML being valid (ie, having undeclared entities in it), then you may ignore all of this. But someday, someone else may want to use your data, and if it's not valid they may have problems parsing it, or transforming it with XSLT, or whatever else. I'm sure the guilt will haunt you relentlessly.

Cheers