我有一个登录表单,为了测试,我尝试填写“从用户名=测试的帐户中选择*”,然后按Enter键以查看会发生什么。我被重定向到此页面:
我应该担心SQL注入吗?还是这是正常的反应?
编辑:此特定情况的PHP代码。
$sql = "SELECT * FROM accounts WHERE Useremail=?";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt,$sql))
{
echo "There was an error whilst trying to connect to the database. Please re-submit your password reset request.";
exit();
}
else
{
mysqli_stmt_bind_param($stmt,"s",$userEmail);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if (!$row = mysqli_fetch_assoc($result))
{
header("Location: /reset-password.php?reset=fail");
exit();
}
}