| With the development of the Internet, the number of Internet users continues to grow; with the promotion of market demand, web application becomes more popular. Today, the network security has become an important component of national security. Because of the skill level and experience of different programmers, some programmers writing code do not take into account the security of the entire network, especially not for the information submitted by the user to determine the legitimate user interaction, so that the application security risks exist. Data provided containing submission database code when users and web pages interact, which have access to the database for the illegal operation of the database, such as modify, delete or destroy information in the database, which is called SQL Injection. Although the popularity of the network in our lives, but people’s awareness of security is weak, and the current firewall for SQL injection can not take timely protective measures. In addition, SQL injection method is very flexible, cleverly constructed SQL statement when interacting to successfully obtain information from the database. Therefore, the study of SQL injection security is very necessary.The paper researches from SQL injection attacks and prevention on database security, which will start with the basics of SQL Web applications and infrastructure; then it will analyze techniques related to SQL injection and discuss the relevant defenses. This paper mainly research on SQL injection prevention: first it knows about the principles of SQL injection, and then against the previous proposed method of prevention; in the end, it summarizes the advantages and disadvantages and made more efficient prevention methods and models. Examples of verification by SQL injection attack prevention methods, and the proposed model protection authentication, after several tests show that the model can efficiently defense against SQL injection. |
PDF Full Text Request