無法顯示一個用戶數據

Question

這是一個管理頁面，應顯示的所有數據，爲所選用戶 我想僅顯示一個用戶的數據，卻得到一個空白頁：

<?php 
    if (isset($_POST['user'])) 
    { 
     $user = $_POST['user']; 

     //if username has been selected 
     if($user == "none") 
      { 
       echo '<div class="error"><p>No user has been selected</p></div>'; 
       echo '<meta HTTP-EQUIV="REFRESH" content="1; url=adminPanel.php">'; 
      } 
      else 
      { 

      //form query 
     $query = "SELECT * FROM User WHERE user = '$user'"; 

     //Execute query 
     $query_result = mysql_query($query) 
      or die(mysql_error()); 
     echo '<table>'; 
     while($user_data = mysql_fetch_array($query_result)) 
       { 

        echo '<tr>'; 
        echo '<td>'.$user_data['user'].'</td>'; 
        echo '<td>'.$user_data['email'].'</td>'; 
        echo '<td>'.$user_data['added'].'</td>'; 
        echo '<td>'.$user_data['admin'].'</td>'; 
        echo '<td>'.$user_data['type'].'</td>'; 
        echo '</tr>'; 

       } 
     echo '</table>';   
      } 
} 
?> 

這裏可能是什麼問題？

Answer 1

您應該先嚐試： echo「ROW COUNT：」.mysql_num_rows（$ query）; 或者你可以拋出一個var_dump（$ user_data）;

Answer 2

你可能會嘗試這樣的事情。正如其他人所說，使用PDO會更好，但至少與mysql_real_escape_string()相比，您會比將數據直接輸入查詢更安全。

<?php 
    if (empty($_POST['user']) || $_POST['user'] == 'none') { 
     exit('No user was selected set.'); 
    } 

    $user = (string) mysql_real_escape_string($_POST['user']); 

    $sql = " 
     SELECT user, email, added, admin, type 
     FROM User 
     WHERE user = '%s'"; 
    $query_string = sprintf($sql, $user); 

    $result = mysql_query($query_string); 

    if (empty($result)) { 
     exit('Failed to retrieve user data.'); 
    } 

    echo ' 
     <table>'; 
    while ($user = mysql_fetch_assoc($result)) 
    { 
     echo ' 
      <tr> 
       <td>', $user['user'], '</td> 
       <td>', $user['email'], '</td> 
       <td>', $user['added'], '</td> 
       <td>', $user['admin'], '</td> 
       <td>', $user['type'], '</td> 
      </tr>'; 
    } 
    echo ' 
     </table>';