@Article{, title={Proposed Method to Prevent SQL Injection Attack}, author={Makera M Aziz and Dena Rafaa Ahmed}, journal={Iraqi Journal for Computers and Informatics المجلة العراقية للحاسبات والمعلوماتية}, volume={42}, number={1}, pages={59-63}, year={2016}, abstract={The internet and its websites are heavily used these days. These websites may hold sensitive and secret information, such as military information, financial information and other important information, that is transferred through networks. Only some people are authorized to see and access this information, so it has to be transferred in a secret environment. SQL injection is one of the most important things that threaten these websites, since it lets unauthorized people gain access to the data and information. This paper introduces a method that can be used to prevent SQL injection by converting the user input to a static string, using this string as the user input, and comparing it with the database attributes that it needs to be compared with, during runtime. The goal behind converting the input to a string is to make the user input a single unit (one token) that cannot be used as a SQL query statement. The system will call the database attribute in such a way that the user cannot access the SQL statement to perform the injection, and the SQL query will be free of any input tools that the user could use to inject SQL.

} }