It turns out that this is called SQL injection vulnerability, and it has been announced for a long time, but there are so many websites in the case, indicating that everyone's safety awareness is not strong enough: (is not a vulnerability, mainly the loopholes on the program, and reading it is clear, The password has not been encrypted at all: (I suggest you use the password to encrypt and save the database, and you have to make some of the number of password bits, which is a lot of possibilities.