Are you sure you’re thinking of an SQL injection? If they’re creating spam registrations, that wouldn’t be an SQL injection.
You can turn on ReCAPTCHA support in your config.inc.php to cut down on the amount of spam registration, but as Google recently retired their old ReCAPTCHA API, you’ll need to patch your OJS to support the new one. See reCaptcha V2 Manual upgrade steps - #2 by asmecher for details.
See How do I combat SPAM? for more details on spam registrations.
OJS 3.x already supports ReCAPTCHA v2 out of the box.
Regards,
Alec Smecher
Public Knowledge Project Team