Proposed Method to Prevent SQL Injection Attack

Authors

  • Makera Aziz, Ishik University
  • Dena Ahmed, Bayan University

DOI:

https://doi.org/10.25195/ijci.v42i1.85

Keywords:

SQL Injection, Network security, database security

Abstract

The internet and its websites are heavily used these days. These websites may hold sensitive and secret information, such as military information, financial information and other important information that is transferred through networks. Only some people are authorized to see and access this information, so it has to be transferred in a secret environment. SQL injection is one of the most important threats to these websites, because it lets unauthorized people access the data and information. This paper introduces a method that can be used to prevent SQL injection by converting the user input to a static string, using this string as the user input, and comparing it at runtime with the database attributes it needs to be compared with. The goal behind converting the input to a string is to make the user input a single unit (one token) that cannot be used as a SQL query statement. The system calls the database attribute in such a way that the user cannot reach the SQL statement to perform the injection, and the SQL query is free of any input mechanism that a user could use to inject SQL.
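The idea in the abstract can be sketched as follows. This is an added example, not the authors' code: it is one reading of the abstract, and the `users` table, its rows and the function names are constructed for illustration.

```python
import hmac
import sqlite3

def make_db():
    # Constructed sample data; plaintext values keep the example short,
    # a real system would store password hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db

def login_concatenated(db, username, password):
    # Weak form: input is spliced into the statement text, so quote
    # characters in it are parsed as SQL syntax rather than as data.
    sql = ("SELECT 1 FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_static_query(db, username, password):
    # Reading of the abstract (assumption): the SQL text is a constant with
    # no user input in it; each input stays one opaque string and is
    # compared with the fetched attributes in application code at runtime.
    user, pwd = str(username).encode(), str(password).encode()
    ok = False
    for db_user, db_pwd in db.execute("SELECT username, password FROM users"):
        same_user = hmac.compare_digest(db_user.encode(), user)
        same_pwd = hmac.compare_digest(db_pwd.encode(), pwd)
        ok = ok or (same_user and same_pwd)
    return ok

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed input containing SQL syntax
    print("concatenated:", login_concatenated(db, "alice", crafted))
    print("static query:", login_static_query(db, "alice", crafted))
```

Fetching every row does not scale to large tables; a bound parameter (`WHERE username = ?`) also keeps the input as a single value outside the SQL grammar.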

Author Biographies

Makera Aziz, Ishik University

Business Management Department

Dena Ahmed, Bayan University

Computer Science Department

Published

2016-12-31