php302错误,php – 如何修复服务器状态代码：302发现SQL注入我的Firefox插件

我使用

SQL Inject Me Firefox插件扫描了我的登录脚本

根据测试结果,我的脚本很容易受到sql注入攻击.以结果为例

Results:

Server Status Code: 302 Found

Tested value: 1' OR '1'='1

Server Status Code: 302 Found

Tested value: 1' OR '1'='1

Server Status Code: 302 Found

Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE

Server Status Code: 302 Found

Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31

我的剧本

> login.PHP – 登录表单

> check-login.PHP – 检查登录详细信息,这是代码.

$email = clean($_ POST [‘username’]);

$pass = clean($_ POST [‘password’]);

$user =“select * from tbl_admin where admin =’$email’and pass =’$pass’”;

//一些代码

$_SESSION [‘login_mes’] =“您已成功登录！”;

标题( “位置：admin.PHP的”);

出口();

} else {

$_SESSION [‘login_mes’] =“无效的电子邮件地址或密码,请再试一次.”;

标题( “位置：login.PHP中”);

出口();

}

登录失败时出现问题.如果我删除了

} else {

$_SESSION['login_mes'] = "Invalid email address or password,please try again.";

header("Location:login.PHP");

exit();

}

sql Inject Me没有检测到故障以及如何修复此部分？