Document Type : Research Article


1 Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.

2 Computers and Control Engineering Department, Faculty of Engineering, Tanta University, Tanta, Egypt.


The functionality of web-based system can be affected by many threats. In fact, web-based systems provide several services built on databases. This makes them prone to Structured Query Language (SQL) injection attacks. For that reason, many research efforts have been made to deal with such attack. The majority of the protection techniques adopt defence strategy which resulting to provide, in extreme response time, a lot of positive rates. Indeed, attacks by injecting SQL is always a serious challenge for web-based system. This kind of attack is still attractive for hackers and it is in growing progress. For
that reason, many researches have been proposed to deal with this issue. The proposed techniques are essentially based on statistical or dynamic approach or using machine learning or even deep learning. This paper discusses and reviews the existing techniques used to detect and prevent SQL injection attack. In addition, it outlines challenges, open issues and future trends of solutions in this context.


[1] Kyriakos Kritikos, Kostas Magoutis, Manos Papoutsakis, and Sotiris Ioannidis. A survey on vulnerability assessment tools and databases for cloud-based web applications. Array, 3:100011, 2019.
[2] BH HemaMalini, L Suresh, and Mayank Kushal. Comprehensive analysis of students’ performance by applying machine learning techniques. In Smart Intelligent Computing and Applications, pages 547–556. Springer, 2020.
[3] Igor Tasevski and Kire Jakimoski. Overview of sql injection defense mechanisms. In 2020 28th Telecommunications Forum (TELFOR), pages 1–4. IEEE, 2020.
[4] Solomon Ogbomon Uwagbole, William J Buchanan, and Lu Fan. Applied machine learning predictive analytics to sql injection attack detection and prevention. In 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), pages 1087–1090. IEEE, 2017.
[5] Haiyan Zhang and Xiao Zhang. Sql injection attack principles and preventive techniques for php site. In Proceedings of the 2nd International Conference on Computer Science and Application Engineering, pages 1–9, 2018.
[6] Peng Tang, Weidong Qiu, Zheng Huang, Huijuan Lian, and Guozhen Liu. Detection of sql injection based on artificial neural network. KnowledgeBased Systems, 190:105528, 2020.
[7] Oluwakemi Christiana Abikoye, Abdullahi Abubakar, Ahmed Haruna Dokoro, Oluwatobi Noah Akande, and Aderonke Anthonia Kayode. A novel technique to prevent sql injection and cross-site scripting attacks using knuthmorris-pratt string match algorithm. EURASIP Journal on Information Security, 2020(1):1–14, 2020.
[8] Muhammad Saidu Aliero, Imran Ghani, Kashif Naseer Qureshi, and Mohd Fo’ad Rohani. An algorithm for detecting sql injection vulnerability using black-box testing. Journal of Ambient Intelligence and Humanized Computing, 11(1):249–266, 2020. 
[9] Benjamin Appiah, Eugene Opoku-Mensah, and Zhiguang Qin. Sql injection attack detection using fingerprints and pattern matching technique. In 2017 8th IEEE International Conference on Software Engineering and Service Science (ICSESS), pages 583–587. IEEE, 2017.
[10] Zar Chi Su Su Hlaing and Myo Khaing. A detection and prevention technique on sql injection attacks. In 2020 IEEE Conference on Computer Applications (ICCA), pages 1–6. IEEE, 2020.
[11] Rajashree A Katole, Swati S Sherekar, and Vilas M Thakare. Detection of sql injection attacks by removing the parameter values of sql query. In 2018 2nd International Conference on Inventive Systems and Control (ICISC), pages 736–741. IEEE, 2018.
[12] Pan Lin, Wang Jinshuang, Chen Ping, and Yang Lanjuan. Sql injection attack and detection based on greensql pattern input whitelist. In 2020 IEEE 3rd International Conference on Information Systems and Computer Aided Education (ICISCAE), pages 187–190. IEEE, 2020.
[13] Vedant Singh and Vrinda Yadav. Survey of blockchain applications in database security. In Advances in Distributed Computing and Machine Learning, pages 147–154. Springer, 2021.
[14] Venkata Vamsikrishna Meduri, Kanchan Chowdhury, and Mohamed Sarwat. Evaluation of machine learning algorithms in predicting the next sql query from the future. ACM Transactions on Database Systems (TODS), 46(1):1–46, 2021.
[15] Ding Chen, Qiseng Yan, Chunwang Wu, and Jun Zhao. Sql injection attack detection and prevention techniques using deep learning. In Journal of Physics: Conference Series, volume 1757, page 012055. IOP Publishing, 2021.
[16] Muhammad Saidu Aliero, Kashif Naseer Qureshi, Muhammad Fermi Pasha, Awais Ahmad, and Gwanggil Jeon. Detection of structure query language injection vulnerability in web driven database application. Concurrency and Computation: Practice and Experience, page e5936, 2020.
[17] Jianwei Hu, Wei Zhao, and Yanpeng Cui. A survey on sql injection attacks, detection and prevention. In Proceedings of the 2020 12th International Conference on Machine Learning and Computing, pages 483–488, 2020.