Model Based Hybrid Approach to Prevent SQL Injection Attack in PHP


SQL Injection vulnerability is ranked 1st in the OWASP1 top 10 vulnerability list and has resulted in massive attacks on a number of websites in the past few years. Inspite of preventive measures like educating developers about safe coding practices, statistics shows that these vulnerabilities are still dominating the top. Various static and dynamic approaches have been proposed to mitigate this vulnerability. In this paper, we present a hybrid approach to prevent SQL injection attacks in PHP, a popular server side scripting language. This technique is more effective to prevent SQL injection attack in a dynamic web content environment without use of complex string analyzer logic. Initially, we construct a Query model for each hotspot by running the application in safe mode. In the production environment, dynamically generated queries are validated with it. The results and analysis shows the proposed approach is simple and effective to prevent common SQL injection vulnerabilities.

Technical Guidance

Project Member:

Kunal Sadalkar

  • Software        


    Content with URLs that have the current URL as a prefix has been hosted in accordance with fair use principles, for academic and non-profit purposes. By downloading the contents of this page, you agree to bring possible violation of fair use to my notice before taking legal recourse.