Research on SQL injection attacks and defense methods

• 1、School of computing,Beijing University of Posts and Telecommunications, Beijing 100876
• 2、Beijing Safe-code Technology Co..Ltd, Beijing 100082

Abstract： SQL injection is an important part of WEB security, SQL injection attacks are emerging, and how to defend against SQL injection attacks is currently one of the hot research.In this paper, we first introduce the SQL injection, and then combining with practical application scenarios,a detailed introduction is made on the implementation and results of different types of SQL injection, and then briefly introduces the SQL injection of commonly used detection and prevention methods, and give two SQL injection defense method. First,a symmetric encryption and decryption algorithm based on integer parameters is given in the existing symmetric encryption algorithm which can prevent the integer as an argument of any kinds of injection attacks; Second, a kind of optimized SQL injection attacks prevention method is given based on the SQL injection defense model which has been researched. Finally, the effectiveness of the method is proved by experiments.

Keywords： Computer application,SQL injection defense,Implementation of SQL injection