Question

我需要使用Django和Python从xml表中搜索值。我在下面解释我的代码。

<form method="post" action="{% url 'search' %}">
<label>Search by Room name: </label>
<input name="rname">
 <input type="submit" value="Submit">
</form>
{% if people %}
    <table>
        <tr>
            <th>Location Name</th>
            <th>Room Name</th>
            <th>seats</th>
            <th>Projector screen</th>
            <th>Video Conference</th>
        </tr>
    {% for person in people %}
        <tr>
            <td>{{person.lname}}</td>
            <td>{{person.roomname}}</td>
            <td>{{person.seat}}</td>
            <td>{{person.project}}</td>
            <td>{{person.video}}</td>
        </tr>
    {% endfor %}
    </table>
{% else %}
    <p>No Record in the database</p>
{% endif %}

在这里，我需要按房间名称进行搜索，并且应该通过以下流程进行搜索。

1-Application uses SQL Query to search for the room(use sql query to search xml data). The user input (room name) is direct without any validation resulting in injection attack.
2-Use prepared statement and pass arguments to it properly

我需要以任何一种方式做到这一点。我正在解释下面的xml文件。

<?xml version="1.0" ?><roomlist>
  <location name="Bangalore">
    <room id="1uy92j908u092">
      <roomname> Aquarius </roomname>
      <noseats> 10 </noseats>
      <projectorscreen>yes</projectorscreen>
      <videoconf>yes</videoconf>
    </room>
  </location>
<location name="Bhubaneswar"><room id="131198912460"><roomname>cottage</roomname><noseats>5</noseats><projectorscreen>Yes</projectorscreen><videoconf>Yes</videoconf></room></location><location name="puri"><room id="509955554930"><roomname>room1</roomname><noseats>10</noseats><projectorscreen>No</projectorscreen><videoconf>Yes</videoconf></room></location></roomlist>

如何使用Django和Python从XML文件中搜索值？

0 个答案: