Understanding Query Vulnerabilities for Various SQL Injection Techniques

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 243)


SQL injections pose considerable risk to e-commerce sites and to other database-driven Web pages. There are various kinds of SQL injection. For each type, there are different ways of interpreting the errors and cracking the query to exploit the Web site. This paper discusses how to understand the errors for each type of injection, which helps in finding exhaustive solutions to every kind of injection strategy. This paper also suggests a few remedies to defend against and prevent such attacks.


Keywords: SQL injection, Web security, Injection errors, Blind injection



Copyright information

© Springer India 2014

Authors and Affiliations

  1. School of Information Technology and Engineering (SITE), VIT University, Vellore, India
