Analysis of SQL Injection Attack
SQL injection attacks are a serious security threat to Web applications. They allow attackers to obtain unrestricted access to the databases underlying the applications and to the potentially sensitive information these database contain. Various researchers and practitioners have proposed various methods to address the SQL injection problem. To address this problem, the authors present an extensive review of the various types of SQL injection attacks known to date. For each type of attack, they provide descriptions and examples of how attacks of that type could be performed. They also present a methodology to prevent SQL injection attacks. It concentrates on the SQL queries and SQL stored procedure where input parameters are injected by the attacker.