0
我無法從我的mysql數據庫加載信息。 我想從我的數據庫加載數據並將其與php變量進行比較,但它不起作用。每當我加載頁面,我看到一個白頁。 
PHP選擇不工作
有人能幫助我嗎?
<?php
define('DB_SERVER', '');
define('DB_USERNAME', '');
define('DB_PASSWORD', '');
define('DB_DATABASE', '');
$db = mysqli_connect(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE);
if($_SERVER["REQUEST_METHOD"] == "POST") {
$myusername = mysqli_real_escape_string($db,$_POST['login']);
$mypassword = mysqli_real_escape_string($db,hash('ripemd160', $_POST['pass']));
$sql = "SELECT username, password, active FROM User WHERE username = '$myusername' and password = '$mypassword'";
$result = mysqli_query($db, $sql);
while($row = mysql_fetch_assoc($result))
{
$username = $row['username'];
$password = $row['password'];
$active = $row['active'];
if($username == $myusername){
if($active == 1)
{
session_start();
$_SESSION["login"] = $myusername;
echo $_SESSION["login"];
header("Location: http://www.example.de");
}
else
{
echo "please verify your email";
}
}
}
}
else
{
header("Location: http://www.fapsite.de/Main/Home/Views/Login/WrongPassword.php");
}
?>
不要張貼代碼的截圖! – AbraCadaver
[Little Bobby](http://bobby-tables.com/)說*** [你的腳本存在SQL注入攻擊的風險。](http://stackoverflow.com/questions/60174/how-can- ***)瞭解[MySQLi](http://php.net/manual)[準備](http://en.wikipedia.org/wiki/Prepared_statement)聲明/en/mysqli.quickstart.prepared-statements.php)。即使[轉義字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的! [不相信它?](http://stackoverflow.com/q/38297105/1011527) –
請使用PHP的[內置函數](http://jayblanchard.net/proper_password_hashing_with_PHP.html)來處理密碼安全性。如果您使用的PHP版本低於5.5,則可以使用'password_hash()'[兼容包](https://github.com/ircmaxell/password_compat)。確保你*** [不要越獄密碼](http://stackoverflow.com/q/36628418/1011527)***或在哈希之前使用其他任何清理機制。這樣做*更改密碼並導致不必要的附加編碼。 –