An Approach of Preventing Code Injection Attack in Web Environment
Source: International Journal of Advanced Research in Computer and Communication Engineering (IJARCCE)
Nearly every web application is developed in a way that the demand of specific data is completed through user input. When dynamic SQL query is used there is a possibility that user may insert malicious code as input in order to have access of sensitive information or unauthorized access of the database. The authors have developed a new mechanism to prevent SQL injection attack, in this method they have stored some exceptional information in the database which cannot be used in normal case, their application look for such exceptional information, if it is found in accessed data then request is discarded by the web server.