0

我有一个 XPATH 查询,我在 PHP 中针对来自 CWE 的以下 XML 运行:

<Weaknesses>
<Weakness ID="211" Name="Test" Weakness_Abstraction="Base" Status="Incomplete">
<Description>
<Description_Summary>
The software performs an operation that triggers an external diagnostic or error message that is not directly generated by the software, such as an error generated by the programming language interpreter that the software uses. The error can contain sensitive system information.
</Description_Summary>
</Description>
</Weakness>
</Weaknesses>

我使用 XPATH 编写了以下 PHP,以便针对“Description_Summary”子节点中的内容,但是,它只是返回 Array()。我有一个 $_GET ,它从上一页中提取 $searchString 变量,指向我在“弱点”节点中找到的特定属性。

<?php
$searchString = $_GET["searchString"];
echo "<b>CWE Name: </b>" . $searchString . "</br>";
$xml = simplexml_load_file("cwe.xml");

$description = $xml->xpath('//Weakness[@Name="'. $searchString .'"]/Description/Description_Summary/text()');

echo "<pre>"; print_r($description); echo "</pre>";

?>

它目前返回的内容:

Array
(
    [0] => SimpleXMLElement Object
        (
        )

)

我的打印语句或 XPATH 查询有什么问题?谢谢!

4

2 回答 2

0

您的代码没有任何问题。通过对从字符串中读取的一些修改,我在键盘上进行了测试,它运行良好

<?php
$xml = '<Weaknesses>
<Weakness ID="211" Name="Test" Weakness_Abstraction="Base" Status="Incomplete">
<Description>
<Description_Summary>
The software performs an operation that triggers an external diagnostic or error message that is not directly generated by the software, such as an error generated by the programming language interpreter that the software uses. The error can contain sensitive system information.
</Description_Summary>
</Description>
</Weakness>
</Weaknesses>';

$searchString = 'Test';
echo "<b>CWE Name: </b>" . $searchString . "</br>";
$xml = simplexml_load_string($xml);

$description = $xml->xpath('//Weakness[@Name="'. $searchString .'"]/Description/Description_Summary/text()');

echo "<pre>"; print_r((string) $description[0]); echo "</pre>";

?>

并返回:

<b>CWE Name: </b>Test</br><pre>
The software performs an operation that triggers an external diagnostic or error message that is not directly generated by the software, such as an error generated by the programming language interpreter that the software uses. The error can contain sensitive system information.
</pre>

可能是文件不包含您认为的内容,或者$searchString不等于Test.

于 2013-07-16T03:16:04.720 回答
0

我的打印声明有什么问题。

看起来不太错,但有一些问题。首先,您可以将其简化为一个表达式:

echo "<pre>", print_r($description, true), "</pre>";

但这只是装饰性的。另一件看起来错误的事情是您正在print_r使用SimpleXMLElement. 两者print_rvar_dump不能很好地与 simplexml 一起使用,因为这些对象具有魔力。

而是将它们作为 XML 回显,这应该是最具描述性的:

echo "<pre>", htmlspecialchars($description[0]->asXML()), "</pre>";

示例输出(纯文本):

<pre>&lt;Description_Summary&gt;
The software performs an operation that triggers an external diagnostic or error message that is not directly generated by the software, such as an error generated by the programming language interpreter that the software uses. The error can contain sensitive system information.
&lt;/Description_Summary&gt;</pre>

这已经表明您没有在这里查询任何文本节点,而是一个元素。阅读为什么。

我的 XPath 查询有什么问题?

您正在使用 simplexml 扩展。它只能返回有限的 xpath 支持。如您的示例所示,调用该xpath()方法不会失败,但是,在返回数组中,没有 text-nodes 因为SimpleXMLElement 不能是 text-node

因此,像您 ( ) 那样使用 XPath 表达式来查询文本节点... text()是有点错误的。

于 2013-07-16T07:59:40.520 回答