我想比较html文件中的用户输入,并使用PHP将其与XML文件进行比较(在这种情况下,XML充当数据库,只是为了学习目的)。这是我当前的代码login.php
<?php
if(count($_POST) > 0)
{
$password = @trim($_POST["password"]);
$email = @trim($_POST["email"]);
$xml2 = file_get_contents('../../data/customer.xml');
if ((strpos($xml2, "<email>$email</email>") !== false) && (strpos($xml2, "<password>$password</password>") !== false))
{
echo 'login succeeded';
//$_SESSION["custno"] = $custno;
$_SESSION['user']=(string) $customer->customerid;
header("location:buying.htm");
}
else
{
echo 'Wrong email or password';
}
}
?>
customer.xml
<?xml version="1.0"?>
<customer>
<user>
<id>0</id>
<fname>John</fname>
<lname>Smith</lname>
<email>jsmith@gmail.com</email>
<password>jsmith</password>
<phone>0412345677</phone>
</user>
<user>
<id>1</id>
<fname>Arthur</fname>
<lname>Black</lname>
<email>ablack@gmail.com</email>
<password>ablack</password>
<phone>0412345678</phone>
</user>
<user>
<id>2</id>
<fname>Brian</fname>
<lname>Luo</lname>
<email>bluo@gmail.com</email>
<password>bluo</password>
<phone>0412345678</phone>
</user>
</customer>
使用当前代码,现有电子邮件和密码的任何组合都将通过。例如bluo@gmail.com使用密码,jsmith仍然会通过登录页面。有什么关于如何修复的建议吗?
我建议在这个上使用PHP的SimpleXML:
$email = 'bluo@gmail.com';
$password = 'bluo';
$xml2 = simplexml_load_file('../../data/customer.xml');
foreach($xml2->user as $user) { // for every user node
if($user->email == $email && $user->password == $password) {
echo 'Yahoo';
}
}
或者使用xpath:
$xml2 = simplexml_load_file('../../data/customer.xml');
$check = $xml2->xpath("//user[email='$email' and password='$password']");
if(count($check) > 0) {
echo 'Yahoo';
}