Proposed Method to Prevent SQL Injection Attack

  • Aziz M
  • Ahmed D

Abstract

The internet and its websites are heavily used these days. These websites may hold sensitive and secret information, such as military information, financial information and other important information, that is transferred through networks. Only some people are authorized to see and access this information, so it has to be transferred in a secret environment. SQL injection is one of the most important threats to these websites: through it, unauthorized people can gain access to data and information. This paper introduces a method that can be used to prevent SQL injection by converting the user input to a static string, using this string as the user input, and comparing it at runtime with the database attributes it needs to be compared with. The goal of converting the input to a string is to make the user input a single unit (one token) that cannot be used as a SQL query statement. The system calls the database attribute in such a way that the user cannot access the SQL statement to perform the injection, and the SQL query is free of any input tools that a user could use to inject SQL.

Cite

Aziz, M., & Ahmed, D. (2016). Proposed Method to Prevent SQL Injection Attack. Iraqi Journal for Computers and Informatics, 42(1), 59–63. https://doi.org/10.25195/ijci.v42i1.85
