-1

这是一个管理页面,应该显示所选用户的所有数据我试图只显示一个用户的数据,但得到一个空页面:

<?php
    if (isset($_POST['user']))
     {
        $user = $_POST['user'];

        //if username has been selected
        if($user == "none") 
           {
              echo '<div class="error"><p>No user has been selected</p></div>';
              echo '<meta HTTP-EQUIV="REFRESH" content="1; url=adminPanel.php">';
            }
            else
            {

            //form query
        $query = "SELECT * FROM User WHERE user =  '$user'";

        //Execute query
        $query_result = mysql_query($query)
            or die(mysql_error());
        echo '<table>';
        while($user_data = mysql_fetch_array($query_result))
                {

                    echo '<tr>';
                    echo '<td>'.$user_data['user'].'</td>';
                    echo '<td>'.$user_data['email'].'</td>';
                    echo '<td>'.$user_data['added'].'</td>';
                    echo '<td>'.$user_data['admin'].'</td>';
                    echo '<td>'.$user_data['type'].'</td>';
                    echo '</tr>';

                }
        echo '</table>';        
            }
}
?>

这里可能有什么问题?

4

2 回答 2

0

你应该先试试: echo "ROW COUNT: ".mysql_num_rows($query); 或者你可以抛出一个 var_dump($user_data);

于 2012-11-23T17:37:38.090 回答
0

你可能会尝试这样的事情。正如其他人所说,使用PDO会好得多,但至少mysql_real_escape_string()比直接将数据输入到查询中更安全。

<?php
    if (empty($_POST['user']) || $_POST['user'] == 'none') {
        exit('No user was selected set.');
    }

    $user = (string) mysql_real_escape_string($_POST['user']);

    $sql = "
        SELECT user, email, added, admin, type
        FROM User
        WHERE user = '%s'";
    $query_string = sprintf($sql, $user);

    $result = mysql_query($query_string);

    if (empty($result)) {
        exit('Failed to retrieve user data.');
    }

    echo '
        <table>';
    while ($user = mysql_fetch_assoc($result))
    {
        echo '
            <tr>
                <td>', $user['user'], '</td>
                <td>', $user['email'], '</td>
                <td>', $user['added'], '</td>
                <td>', $user['admin'], '</td>
                <td>', $user['type'], '</td>
            </tr>';
    }
    echo '
        </table>';
于 2012-11-23T17:49:38.503 回答