I am sorry to ask but please explore you question bit more. What do you mean by open layer here ?

openlayers is a mapping api like google maps api

You are nos specific enough, no one is going to answer such a question. First you must know what will be the final representation. Will it be a polygon? Will it be a path? Will it be a marker with a text? Whenever you know it, you find the API functions and examine the required parameters. Then you have to examine your source data. If you have XML, it might be advantageous to use XSLT. If you have them in an SQL database, you should find the proper SQL statements to retrieve and format them. Finally you have to send the data from PHP to JavaScript. Probably the best way is to use JSON because it is a standard and the encode_json function is available in PHP. If you want to see an example of a real application using Google maps, look here – http://icebearsoft.euweb.cz/garicam/ – this is my very first application written in JavaScript, I had to learn JS and both API's and I had just little time to do it.

I have a preferred liking to XML because of the security involved when parsing data from the database to the map application. JSON parses data as plain text which is a problem my application.

Working with google maps is somehow easy, now am interested on the open source apis side now.

Strictly speaking, JSON is not a plain text, it is application/json and can represent the same structure as XML which also looks as a plain text but is application/xml. If your javascripts retrieves an XML file, it must parse it. If it receives JSON, it may directly be assigned to a variable. Databases are not less secure. Of course, the database user must have the minimum priviledges needed for its tasks. And you can hide it in PHP, if the data are accessed remotelly, they may be retrieved by http or https, not by direct SQL queries. The PHP script will do the SQL queries, the requests will be converted to SQL so that the remote user is not allowed to run arbitrary SQL commands, only those that have "api" in your PHP code. I do not know what exactly you want to do so I cannot be more specific. Anyway, in my applications I never expose SQL to users (for security reasons).

Ok, Thank you.