这是一个管理页面,应显示所选用户的所有数据 我试图仅为一个用户显示数据,但获取一个空页:
<?php
if (isset($_POST['user']))
{
$user = $_POST['user'];
//if username has been selected
if($user == "none")
{
echo '<div class="error"><p>No user has been selected</p></div>';
echo '<meta HTTP-EQUIV="REFRESH" content="1; url=adminPanel.php">';
}
else
{
//form query
$query = "SELECT * FROM User WHERE user = '$user'";
//Execute query
$query_result = mysql_query($query)
or die(mysql_error());
echo '<table>';
while($user_data = mysql_fetch_array($query_result))
{
echo '<tr>';
echo '<td>'.$user_data['user'].'</td>';
echo '<td>'.$user_data['email'].'</td>';
echo '<td>'.$user_data['added'].'</td>';
echo '<td>'.$user_data['admin'].'</td>';
echo '<td>'.$user_data['type'].'</td>';
echo '</tr>';
}
echo '</table>';
}
}
?>
这可能是什么问题?
答案 0 :(得分:0)
你应该先试试: echo“ROW COUNT:”。mysql_num_rows($ query); 或者你可以抛出一个var_dump($ user_data);
答案 1 :(得分:0)
您可以尝试这样的事情。正如其他人所说,使用PDO会好得多,但至少使用mysql_real_escape_string()比将数据直接输入查询更安全。
<?php
if (empty($_POST['user']) || $_POST['user'] == 'none') {
exit('No user was selected set.');
}
$user = (string) mysql_real_escape_string($_POST['user']);
$sql = "
SELECT user, email, added, admin, type
FROM User
WHERE user = '%s'";
$query_string = sprintf($sql, $user);
$result = mysql_query($query_string);
if (empty($result)) {
exit('Failed to retrieve user data.');
}
echo '
<table>';
while ($user = mysql_fetch_assoc($result))
{
echo '
<tr>
<td>', $user['user'], '</td>
<td>', $user['email'], '</td>
<td>', $user['added'], '</td>
<td>', $user['admin'], '</td>
<td>', $user['type'], '</td>
</tr>';
}
echo '
</table>';