有人請向我解釋我的代碼有什麼問題?當我嘗試訪問該頁面時,它只是給了我一個HTTP錯誤500.這是代碼。錯誤500使用Mysql在PHP
<?php
$conn = new mysqli("localhost","user","pass","db");
if(!empty($_GET['Info']))
{
$Info = $_GET['Info'];
$sql = "SELECT * FROM `Judges` WHERE `id` EQUALS $Info";
$result = $conn->query($sql);
if ($result->num_rows > 0)
{
while($rows = $result->fetch_assoc())
{
$PictureFile = Null
if(empty($rows["PictureFile"]))
{
$PictureFile = "MissingPicture.png";
}
else
{
$PictureFile = $rows["PictureFile"];
}
echo '<div><img src="' . $PictureFile . '" style="width=100px;height=100px;"> <p>This Is Just A Test Message!</p></div>';
}
}
else
{
echo "<p style='text-align: center;'>Your Search Came Back With 0 Results :(</p>";
}
}
$conn->close();
?>
你必須檢查你的網絡服務器日誌。 500錯誤可能是由太多原因造成的。 – Oliver
$ sql =「SELECT * FROM'Judges' WHERE'id' EQUALS $ Info」;應該等於= =? –
您的代碼易受[** SQL注入**](https://en.wikipedia.org/wiki/SQL_injection)攻擊。你應該使用[** mysqli **](https://secure.php.net/manual/en/mysqli.prepare.php)或[** PDO **](https://secure.php.net/ manual/en/pdo.prepared-statements.php)準備帶有綁定參數的語句,如[**這篇文章**]所述(https://stackoverflow.com/questions/60174/how-can-i-prevent-sql步噴射功能於PHP)。 –