Proposed Method to Prevent SQL Injection Attack
Main Authors: | , |
---|---|
Format: | Article |
Language: | Arabic |
Published: | University of Information Technology and Communications, 2016-12-01 |
Series: | Iraqi Journal for Computers and Informatics |
Subjects: | |
Online Access: | http://ijci.uoitc.edu.iq/index.php/ijci/article/view/85 |
Summary: | The internet and its websites are heavily used these days. These websites may hold sensitive and secret information, such as
military information, financial information and other important information, that is transferred over networks.
Only some people are authorized to see and access this information, so it has to be transferred in a secret
environment. SQL injection is one of the most important threats to these websites, because it lets unauthorized
people access the data and information. This paper introduces a method that can be used to prevent SQL injection
by converting the user input to a static string and, at runtime, using this string as the user input that is compared with the database attributes it needs
to be compared with. The goal of converting the input to a string is to make the user input a single
unit (one token) that cannot be used as a SQL query statement. The system calls the database attribute in such a way that
the user cannot access the SQL statement to perform the injection, and the SQL query is free of any input tools that the
user could use to inject SQL. |
---|---|
ISSN: | 2313-190X 2520-4912 |