尝试

 code> htmlspecialchars（$ string_from_hell，ENT_QUOTES，UTF-8）

htmlentities 不会这样做，因为它将创建不能在XML中识别的HTML实体，而只能HTML。您还应该指定字符集，因为默认值不是UTF-8，它是ISO-8859-1。

您还缺少引号（）。

还有更好的方法来创建处理转义的XML文件，例如 XMLWriter 。

I have some strings that are valid in my database but when I include them in an attribute of a UTF-8 XML output they give me the following error:

XML Parsing Error: not well-formed

My current code (simplified):

header('Content-Type: text/xml'); 
echo '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>';
echo '<root attribute="' . htmlentities($string_from_hell) . '">'; 

How should I format these strings before including them in XML attributes?

A possible value for $string_from_hell: î„œ (don't know if it will show up properly)

Try

htmlspecialchars($string_from_hell, ENT_QUOTES, "UTF-8")

htmlentities won't do because it will create HTML entities that are not recognized in XML, only HTML. You should also specify the charset because the default is not UTF-8, it's the ISO-8859-1.

You're also missing the quotes (") around the attribute value.

There are also better ways to create XML files that handle escaping for you. See e.g. XMLWriter.