SQL injection attack is a code injection technique used to attack database through website. This happens when the user input is not correctly filtered for string literal escape characters which are present in the statement or when the user input is not strongly typed. In computer science, a type system is said to feature strong typing when it specifies one or more restrictions on how operations involving values of different data types can be intermixed.. [8]. SQL injection is one of the top ten web application attacks.In this paper a method is proposed in which two approaches, one static in which the database is created and another dynamic in which the query structure against the previously stored query structure is compared. If the two structures match then search is stopped and query is regarded as a valid query otherwise the query is an invalid query and is not allowed to access data from database. The Algorithm has been developed using Java. Keywords: Malicious, Flag , Vulnerability, malicious, SQLIA’s.
展开▼
