In this paper, the authors address SQL injection, which they present as the most critical security risk for vulnerable web applications. They design a machine-learning-based system for preventing SQL injection attacks, which uses pattern classifiers to detect injection attempts and protect web applications. The system captures the parameters of HTTP requests and converts them into numeric attributes. These attributes include the length of each parameter and the number of keywords it contains. Using these attributes, the system classifies each parameter with a Bayesian classifier to judge whether it is an injection pattern.
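
The pipeline described above, sketched as an added example (not the paper's code): each parameter value is reduced to (length, keyword count) and labelled by a naive Bayes classifier. The keyword list, the Gaussian likelihood and the training samples are assumptions constructed for illustration.

```python
import math
import re

# Assumed keyword/metacharacter list; the paper's own list is not on this page.
KEYWORDS = {"select", "union", "or", "and", "drop", "insert", "from", "where",
            "--", "'", ";", "=", "#"}
TOKEN_RE = re.compile(r"[a-z_]+|--|[';=#]")

# Constructed training samples (not from the paper): (parameter value, label).
TRAINING = [
    ("42", "benign"), ("alice", "benign"), ("blue shoes size 9", "benign"),
    ("2024-01-15", "benign"), ("jsmith@example.com", "benign"),
    ("rock and roll", "benign"),
    ("' OR '1'='1", "injection"), ("admin'--", "injection"),
    ("1 UNION SELECT username, password FROM users--", "injection"),
    ("1; DROP TABLE users", "injection"), ("' OR 1=1#", "injection"),
]

def features(param):
    """Map one HTTP parameter value to (length, keyword count)."""
    tokens = TOKEN_RE.findall(param.lower())
    return (len(param), sum(t in KEYWORDS for t in tokens))

def train(samples):
    """Fit Gaussian naive Bayes: per class, a prior and (mean, variance) per feature."""
    model = {}
    for label in sorted({lab for _, lab in samples}):
        rows = [features(p) for p, lab in samples if lab == label]
        stats = []
        for col in zip(*rows):
            mean = sum(col) / len(col)
            var = sum((x - mean) ** 2 for x in col) / len(col) + 1e-3  # variance floor
            stats.append((mean, var))
        model[label] = (len(rows) / len(samples), stats)
    return model

def log_posterior(model, param, label):
    """Unnormalised log P(label | features), assuming independent Gaussian features."""
    prior, stats = model[label]
    score = math.log(prior)
    for x, (mean, var) in zip(features(param), stats):
        score += -0.5 * math.log(2 * math.pi * var) - (x - mean) ** 2 / (2 * var)
    return score

def classify(model, param):
    """Return the label with the highest posterior for this parameter value."""
    return max(model, key=lambda label: log_posterior(model, param, label))

MODEL = train(TRAINING)
```

With only two attributes the decision is coarse: a benign value that happens to contain several keywords or quote characters scores like an injection, so the false-positive rate depends heavily on the keyword list and training data.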