Date Added: Jun 2012
SQL injection attacks, a class of injection flaw in which specially crafted input strings leads to illegal queries to databases, are one of the topmost threats to web applications. A number of research prototypes and commercial products that maintain the queries structure in web applications have been developed. But these techniques either fail to address the full scope of the problem or have limitations. Based on the authors' observation that the injected string in a SQL injection attack is interpreted differently on different databases, in this paper, they propose a novel and effective solution to solve this problem. It has been proposed to detect various types of SQLIA.