
Hello everyone, I know how to do this search in MySQL using LIKE '%$_POST["txtbuscar"]%', and now I am doing it in XML. I need to search using an input txtbuscar.

With the script below I have managed to list, paginate, and search for the most important word, but I believe something is missing, because it is not working. Could you help me please?

XML

<listaccts>
    <acct>
        <disklimit>100M</disklimit>
        <diskused>100M</diskused>
        <domain>dominio.com.br</domain>
        <ip>123.124.125.126</ip>
        <user>Fulano</user>
        <plan>Plano1</plan>
    </acct>
    <acct>
        <disklimit>200M</disklimit>
        <diskused>200</diskused>
        <domain>dominio.com.br</domain>
        <ip>123.124.125.126</ip>
        <user>Fulano2</user>
        <plan>Plano2</plan>
    </acct>
</listaccts>

PHP

$accounts = $xmlapi->listaccts();
$xml = simplexml_load_string($accounts);

if ($_POST["txtBuscar"] == "ligar") {

    $busc = $_POST["buscarURL"];

    foreach ($xml->xpath('//acct') as $acct) {

        $minhaArray = $xml->xpath('//user[.>$busc]');

        $minhaArray = array();
        foreach ($xml->acct as $acct) {
            $minhaArray[] = array(
                    'domain' => (string)$acct->domain,
                    'user' => (string)$acct->user,
                    'ip' => (string)$acct->ip,
                    'disklimit' => (string)$acct->disklimit,
                    'diskused' => (string)$acct->diskused,
                    'plan' => (string)$acct->plan);
        }
    }
}

HTML

<form id="formBuscaClienteUrl" name="formBuscaClienteUrl" method="post" action="" class="sky-form" onsubmit="return false">
    <input name="txtBuscar" type="hidden" value="ligar" />
    <script language="javascript">document.formBuscaClienteUrl.buscarURL.focus();</script>
    <table width="100%" cellspacing="0" cellpadding="5">
        <tr>
            <td width="95%" style="padding-left:10px;">
                <input name="buscarURL" type="text"/>
            </td>
            <td width="5%"><button style="padding-left:10px;" type="submit" onclick="buscar('formBuscaClienteUrl')" class="button" >Localizar</button></td>
        </tr>
    </table>
</form>

//======================== that's OK ==============

I made some adjustments and it is now working, in case anyone wants it. Thanks

$busc=$_POST["buscarURL"];

$expression = sprintf("/*/acct[contains(user, '$busc')]", $_POST["buscarURL"]);
$result = $xml->xpath($expression);

$minhaArray = array();
foreach($result as $account){
    $minhaArray[] = array(
        'domain'=>(string)$account->domain,
        'user'=>(string)$account->user,
        'ip'=>(string)$account->ip,
        'disklimit'=>(string)$account->disklimit,
        'diskused'=>(string)$account->diskused,
        'plan'=>(string)$account->plan
    );
}
First of all you need to do proper input validation and encoding, see [How to handle double quotes in string before XPath evaluation?](http://stackoverflow.com/q/4820067/367456). Just as your SQL is prone to SQL injection, your XPath is prone to XPath injection. Next to that you're picking up too much out of the blue. Reading through http://php.net/simplexml.examples-basic should give you a safer introduction to how things work in SimpleXML, incl. the very XPath basics. – hakre Nov 02 '13 at 19:31

1 Answer

If you need to query an XML document, the easiest way is often via XPath (as you already thought); the LIKE you know from SQL is in your case perhaps comparable with contains() in XPath:

// xpath_string() is the helper from the linked question (http://stackoverflow.com/q/4820067);
// it turns the search value into a properly quoted XPath string literal.
$listaccts = new SimpleXMLElement($accounts);
$txtBuscar = 'lano';

$expression = sprintf('/*/acct[contains(user, %s)]', xpath_string($txtBuscar));
$result = $listaccts->xpath($expression);

foreach($result as $account) {
    printf("User..: %s\nDomain: %s\n", $account->user, $account->domain);
}

Output with your example set:

User..: Fulano
Domain: dominio.com.br
User..: Fulano2
Domain: example.com.br

Note: as in SQL, where you need to take care of SQL injection, I also take care of XPath injection by properly encoding the search value as a string (this perhaps misses a UTF-8 sanitizer in a real-life example, when you fetch from $_POST and your system is not already configured to sanitize input generally).

hakre
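As an added example that is not code from the question or from hakre's answer, the script below does the same contains()-based search over the question's XML, but spells out what a safe XPath string literal looks like. The helper name xpathStringLiteral() is my own assumption; it stands in for the xpath_string() the answer takes from the linked question and is not that function. The XML is the sample from the question, embedded inline so the script runs on its own.

```php
<?php
// Added example (not from the question or the answer). The helper name
// xpathStringLiteral() is an assumption of this example, not the
// xpath_string() from the linked Stack Overflow question.

// Constructed sample: the account list from the question.
$sampleXml = <<<'XML'
<listaccts>
    <acct><disklimit>100M</disklimit><diskused>100M</diskused>
          <domain>dominio.com.br</domain><ip>123.124.125.126</ip>
          <user>Fulano</user><plan>Plano1</plan></acct>
    <acct><disklimit>200M</disklimit><diskused>200</diskused>
          <domain>dominio.com.br</domain><ip>123.124.125.126</ip>
          <user>Fulano2</user><plan>Plano2</plan></acct>
</listaccts>
XML;

/**
 * Turn an arbitrary PHP string into an XPath 1.0 string literal.
 * XPath 1.0 has no escape sequences inside string literals, so a value that
 * contains both quote kinds has to be split and rejoined with concat().
 */
function xpathStringLiteral(string $value): string
{
    if (strpos($value, "'") === false) {
        return "'" . $value . "'";   // no single quotes: wrap in single quotes
    }
    if (strpos($value, '"') === false) {
        return '"' . $value . '"';   // no double quotes: wrap in double quotes
    }
    // Both kinds present: split on the single quotes, wrap each piece in single
    // quotes, and glue the pieces back together with concat(), supplying each
    // single quote as a double-quoted literal "'".
    $pieces = array_map(
        static fn(string $p): string => "'" . $p . "'",
        explode("'", $value)
    );
    return 'concat(' . implode(', "\'", ', $pieces) . ')';
}

/**
 * Return the <user> values of every <acct> whose user name contains $term.
 * The term only ever enters the expression through xpathStringLiteral(), so
 * the search input is treated as data and cannot change the query structure.
 */
function findUsers(SimpleXMLElement $xml, string $term): array
{
    $expression = sprintf('/*/acct[contains(user, %s)]', xpathStringLiteral($term));
    $matches = $xml->xpath($expression) ?: [];   // xpath() returns false on error
    $found = [];
    foreach ($matches as $acct) {
        $found[] = (string) $acct->user;
    }
    return $found;
}

$xml = new SimpleXMLElement($sampleXml);

// A plain search term, like the 'lano' in the answer.
print_r(findUsers($xml, 'lano'));

// A term containing both quote kinds: it yields no match, but the expression
// stays well-formed, which raw interpolation of the term would not guarantee.
echo xpathStringLiteral('a\'b"c'), "\n";
print_r(findUsers($xml, 'a\'b"c'));
```

The branching in xpathStringLiteral() is the whole point: a single wrapping style is only correct for values that do not contain that quote character, and there is no backslash escaping to fall back on in XPath 1.0. Run the script from the command line with php and compare the two search terms; in a real form handler the term would come from $_POST["buscarURL"] and nothing else about the code would change.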