
Volume 10, Issue 3, March – 2025 International Journal of Innovative Science and Research Technology

ISSN No:-2456-2165 https://doi.org/10.38124/ijisrt/25mar1982

Comprehensive Review of Advanced Techniques for Mitigating SQL Injection Vulnerabilities in Modern Applications

Amit Hariyani 1*; Dr. Prashant Dolia 2

1 Smt. Chandaben Mohanbhai Patel Institute of Computer Applications, Charotar University of Science and Technology, Off. Nadiad-Petlad Highway, Changa, Anand, 388421, Gujarat, India
2 Department of Computer Science, M. K. Bhavnagar University, Sardar Patel Campus, Bhavnagar, 364002, Gujarat, India

Corresponding Author: Amit Hariyani 1*

Publication Date: 2025/04/16

Abstract: SQL injection (SQLi) remains a major security threat to database-driven applications, making it essential to
protect the confidentiality, integrity, and availability of data. In this research, we summarize effective strategies to prevent
SQL injection attacks (SQLIAs), such as parameterized queries, stored procedures, Object Relational Mappers (ORM),
input validation, input escaping, and Web Application Firewalls (WAF). We assess each technique based on how well it
works, how easy it is to use, and its impact on performance, with real-world examples to show their use. Our literature
review covers research from the past five years, highlighting the changing nature of SQLi threats and the improvements in
prevention methods. This study offers a detailed look at effective SQLi prevention techniques and their implementation,
and a comparison of their effectiveness. By understanding and using these approaches, organizations can significantly
reduce the risk of SQLIAs and protect their important data.

Keywords: SQL Injection, Database Security, Parameterized Queries, Stored Procedures, ORM, Input Validation.

How to Cite: Amit Hariyani; Dr. Prashant Dolia. (2025). Comprehensive Review of Advanced Techniques for Mitigating SQL
Injection Vulnerabilities in Modern Applications. International Journal of Innovative Science and Research
Technology, 10(3), 3063-3070. https://doi.org/10.38124/ijisrt/25mar1982.

I. INTRODUCTION

SQL Injection (SQLi) poses a significant threat to applications that rely on databases [1] and is widely regarded as one of the most severe security issues affecting websites. This type of attack occurs when user inputs are not handled correctly in SQL queries [2], allowing attackers to run arbitrary SQL statements against the database. Successful SQLi attacks can lead to unauthorized access to sensitive data, data breaches, data manipulation, and complete control of the database server [3]. Despite improvements in web security, SQLi remains a significant risk; therefore, it is important to develop effective prevention methods [4]. SQLi attacks are popular owing to their simplicity and effectiveness. Attackers can craft inputs that change the structure of SQL queries, bypass security checks, and gain unauthorized access to data [5]. Many high-profile data breaches have been caused by SQLi attacks, leading to financial losses, reputational damage, and legal problems for the affected organizations [6]. Databases store important information, such as personal data and financial records; therefore, their security is critical.

To counter these threats, several techniques have been developed to reduce the risk of SQLi [7]. One of the best methods is to use parameterized queries [8], also known as prepared statements. These separate the SQL code from the user inputs, ensuring that the inputs are treated as data and not as executable code, which stops the attack. Stored procedures that encapsulate SQL logic within the database also help to reduce direct exposure to SQL queries and enable input validation and security policies within the database layer [9].

An Object Relational Mapper (ORM) [10] simplifies database interactions by handling parameterization automatically, thereby reducing the risk of SQLi. ORMs offer a high-level programming interface that makes database operations easier for developers while ensuring data security [11]. Input validation and sanitization improve security by verifying that user inputs meet the expected formats and by removing harmful characters [12]. Escaping input characters is another method for preventing SQLi; it ensures that special characters in user inputs are treated safely [13]. Web Application Firewalls (WAFs) [14] provide an extra layer of defence by inspecting incoming requests and filtering malicious inputs before they reach an application. WAFs are particularly effective in protecting against various web application attacks, including SQLi [15].

IJISRT25MAR1982 www.ijisrt.com 3063

The objectives of this study are as follows:

- To evaluate the effectiveness of SQLi prevention techniques
- To analyze recent advances in SQLi detection and prevention
- To compare the practical implementation of SQLi prevention methods
- To identify and discuss the challenges and limitations of current SQLi prevention methods
- To propose a comprehensive strategy for SQLi mitigation

This study provides an in-depth examination of various strategies for combating SQLIAs. It reviews the effectiveness, ease of use, and performance impact of techniques such as parameterized queries, stored procedures, ORMs, input validation, input escaping, and WAFs. It also addresses the challenge of balancing security with performance and emphasizes the need for ongoing development and education in secure coding practices.

The rest of this paper is structured as follows: Section II covers related work on SQLi vulnerabilities and prevention techniques. Section III describes the six prevention methods examined, with implementation examples. Section IV presents the comparative analysis of the results. Section V discusses the trade-offs involved, Section VI lists the limitations of current prevention methods, and Section VII concludes the study and outlines future research directions.

II. RELATED WORK

The study covers research from the last five years, focusing on the changing nature of SQLi threats and advancements in countermeasures. Researchers have emphasized the importance of using a comprehensive approach for SQLi prevention by combining multiple techniques to ensure strong protection.

The ongoing challenges of SQLi threats highlight the importance of cybersecurity. As a regular entry on the OWASP Top Ten list [16] of critical web application security risks, SQLi requires constant monitoring and improvements in prevention methods. A comprehensive approach that combines static and dynamic analyses is necessary to effectively identify and address vulnerabilities, as noted by Alsmadi and Farooq [17, 18]. They also pointed out the limitations of traditional detection methods and recommended using hybrid machine-learning models, which have been shown to improve accuracy and detection rates.

In recent years, using Machine Learning (ML) and Artificial Intelligence (AI) to detect SQLi has become more popular [19, 36, 37]. Brindavathi and Demilie [20, 21] found that ML models can identify SQLi patterns and stop attacks in real time. Their studies showed that ML-based methods can outperform traditional signature-based methods by learning and adapting to new attack vectors, thereby offering stronger defence mechanisms. Similarly, Kakisim and Tang [22, 23] investigated the use of deep learning for SQLi detection and highlighted that neural networks can identify complex and previously unknown injection patterns.

Web Application Firewalls (WAFs) are crucial for preventing SQLi attacks by filtering and monitoring HTTP requests in web applications. Mukhtar and Azer [24] found that WAFs effectively stop many SQLi attempts; however, they should be used alongside other security measures such as input validation and parameterized queries for maximum protection. WAFs add an extra layer of security, but their effectiveness relies on regular updates and proper configuration to address new threats.

Appropriate input validation and sanitization are essential for preventing SQLi attacks. Fadlalla and Elshoush [25] found that secure coding practices, including strict input validation, are vital in preventing harmful inputs from reaching a database. Ali [26] reviewed various input validation techniques and found that while these methods are effective as a first line of defence, they need to be used with other security measures for full protection.

Parameterized queries and stored procedures are well recognized for their effectiveness in preventing SQLi. Sidik [27] noted that parameterized queries are essential for separating SQL code from user inputs, thereby eliminating the attack vector. Lu [28] highlighted that stored procedures encapsulate SQL logic within a database, reduce the exposure to direct SQL queries, and enable better input validation and security policies at the database level.

ORMs such as SQLAlchemy [29, 30] simplify database operations by managing interactions and parameterization, which helps to reduce the risk of SQLi and makes database management easier for developers. Dash [31] also noted that, although ORMs may add some performance overhead, their benefits in terms of security and developer efficiency make them a key tool in modern application development.

Fredrick et al. [32] found that automated tools for preventing SQLi are essential for spotting vulnerabilities early in the development process. By integrating these tools into continuous integration and deployment (CI/CD) pipelines, the risk of SQLi can be significantly reduced by identifying and fixing vulnerabilities before they can be exploited. Angshuman et al. [33] emphasized the need to educate developers and provide ongoing training in secure coding practices to further reduce SQLi risks.

Table 1: Summary of Literature Review Findings

Authors | Focus | Key Findings
Alsmadi et al. [17] | SQLi detection and prevention techniques | Emphasized hybrid approaches combining static and dynamic analysis
Umar Farooq et al. [18, 36] | Machine learning for SQLi detection | Improved accuracy with hybrid machine learning models
Mukhtar and Azer [24] | Effectiveness of WAFs | WAFs need to be combined with other techniques for optimal security
Kakisim et al. [22] | Deep learning for SQLi detection | Neural networks show promise in detecting complex patterns
Fadlalla and Elshoush [25] | Secure coding practices | Importance of developer education and secure coding practices
Fredrick et al. [32] | Automated tools for SQLi prevention | Automated detection mechanisms can identify vulnerabilities early
Brindavathi and Demilie [20, 21] | Machine learning-based SQLi detection | Machine learning improves detection rates compared to signature-based methods
Tang et al. [23] | Real-time SQLi mitigation with neural networks | Effective real-time SQLi mitigation using neural networks

III. METHODOLOGIES

This study examines six primary methods for preventing SQLi: parameterized queries, stored procedures, ORMs, input validation, input escaping, and WAFs. We assess each method based on how well it works, how easy it is to use, and how it affects performance.

A. Parameterized Queries

Parameterized queries use placeholders for user inputs, which ensures that these inputs are treated as data and not as executable code. This method is illustrated with an example in Python using SQLite.

Python

# Example of parameterized query in Python using SQLite
import sqlite3

def get_user_data(user_id):
    conn = sqlite3.connect('example.db')
    cursor = conn.cursor()
    # The ? placeholder is filled in by the driver at execution time, so
    # user_id is sent as a value and cannot change the statement's structure.
    cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))
    result = cursor.fetchall()
    conn.close()
    return result

B. Stored Procedures

Stored procedures keep SQL code within the database, which limits direct access to SQL queries and allows input validation. This study includes an example of a stored procedure in SQL Server.

Sql

-- Example of stored procedure in SQL Server
-- @UserId is a typed parameter; its value cannot alter the statement.
-- A procedure that built dynamic SQL by concatenating @UserId into a string
-- and running it with EXEC would reintroduce the injection risk.
CREATE PROCEDURE GetUserData
    @UserId INT
AS
BEGIN
    SELECT * FROM Users WHERE Id = @UserId
END

C. Object Relational Mappers

ORMs simplify database interactions, automatically manage parameterization, and reduce the risk of SQLi. This paper provides an example of ORM usage with SQLAlchemy in Python.

Python

# Example of ORM usage in Python with SQLAlchemy
from sqlalchemy import create_engine, Column, Integer, String
from sqlalchemy.orm import declarative_base, sessionmaker

Base = declarative_base()

class User(Base):
    __tablename__ = 'users'
    id = Column(Integer, primary_key=True)
    name = Column(String)

engine = create_engine('sqlite:///example.db')
Session = sessionmaker(bind=engine)

def get_user_data(user_id):
    # User.id == user_id is compiled to "users.id = ?" with user_id sent as a
    # bound parameter. This protection is lost if user input is pasted into a
    # raw SQL string passed through text() [10, 11].
    with Session() as session:
        return session.query(User).filter(User.id == user_id).all()

D. Input Validation and Sanitization

Input validation checks that user inputs match the expected formats, whereas sanitization removes harmful characters. This study includes an example of input validation using regular expressions in Python.

Python

import re

# Allow-list check: only letters, digits and underscore are accepted.
# fullmatch is used instead of match so that a trailing newline or any
# character after the allowed run is rejected as well.
def validate_input(user_input):
    return re.fullmatch(r"[A-Za-z0-9_]+", user_input) is not None

E. Input Escaping

Escaping special characters in the user input prevents SQLi by ensuring that these characters are treated as plain text. This method is demonstrated using Python's MySQLdb library.

Python

import MySQLdb

def escape_input(user_input):
    conn = MySQLdb.connect(host='localhost', user='user', passwd='passwd', db='db')
    cursor = conn.cursor()
    # escape_string() returns bytes under Python 3; decode before interpolating,
    # otherwise the literal text "b'...'" ends up inside the SQL statement.
    escaped_input = MySQLdb.escape_string(user_input).decode()
    # Escaping only protects a value placed inside a quoted string literal;
    # cursor.execute(query, (user_input,)) with a %s placeholder is preferred.
    cursor.execute(f"SELECT * FROM users WHERE name = '{escaped_input}'")
    result = cursor.fetchall()
    conn.close()
    return result

F. Web Application Firewalls

WAFs add an extra layer of security by examining incoming requests and blocking harmful input. This study covers popular WAFs, such as ModSecurity and AWS WAF.

IV. RESULTS AND ANALYSIS

This study found that no single method provides full protection against SQLIAs. Because SQLi threats constantly evolve, a comprehensive strategy that combines multiple techniques is required to cover all aspects of application security. This approach not only addresses SQLi vulnerabilities at different levels but also strengthens the overall application security. For example, while parameterized queries and ORMs are highly effective at the code level, they might not protect against all types of attacks that target other parts of the application. In such cases, input validation and escaping add an extra defence layer by ensuring that only safe inputs reach the database. Additionally, WAFs can detect and block SQLi attempts that bypass other defences, thereby providing an essential safety net.

A comparative analysis of SQLi prevention techniques (Table 2) shows that parameterized queries and ORMs are the most effective at preventing SQLi, with minimal impact on performance. ORMs simplify database interactions by allowing developers to work with objects rather than with raw SQL queries. Parameterized queries use placeholders for user input, keeping SQL code separate from data to prevent changes to the query structure. Stored procedures contain SQL code within the database and perform predefined tasks, offering strong protection but being more complex to implement and maintain.

Input validation ensures that only acceptable data are processed by setting rules for type, length, format, and range. While input validation and escaping are useful as initial defences, they should be used with other methods for complete protection. WAFs protect web applications from various attacks, including SQLi, by monitoring and filtering HTTP requests. They provide valuable broad security but may add some latency.

Fig 1: Web Application Firewall Architecture
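To make the comparison in Section IV concrete, the following is an added example (not code from the paper) that runs the string-concatenated form of the lookup from Section III.A beside its parameterized form against an in-memory SQLite database. The users table, its three rows, the tautology payload and the UNION payload are all constructed here for the demonstration, and the function names are this example's own.

```python
# Added example, not from the paper: string-built lookup vs. parameterized
# lookup against an in-memory SQLite database (standard library only).
import sqlite3

# Constructed sample data for the demonstration.
SAMPLE_USERS = [(1, "alice"), (2, "bob"), (3, "carol")]


def make_db():
    """Return an in-memory SQLite connection seeded with SAMPLE_USERS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (id, name) VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, name):
    """Deliberately unsafe: the user-controlled value becomes part of the SQL text."""
    sql = f"SELECT id, name FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Safe: the value is bound to the ? placeholder and can only ever be data."""
    sql = "SELECT id, name FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# Payloads constructed for the demonstration.
TAUTOLOGY = "x' OR '1'='1"                                     # closes the literal, appends an always-true clause
UNION = "x' UNION SELECT rootpage, sql FROM sqlite_master --"  # reads the schema through the same query


def demo():
    """Run both lookups with a benign name and with the two payloads."""
    conn = make_db()
    try:
        return {
            "benign_vulnerable": lookup_vulnerable(conn, "alice"),
            "benign_parameterized": lookup_parameterized(conn, "alice"),
            "tautology_vulnerable": lookup_vulnerable(conn, TAUTOLOGY),
            "tautology_parameterized": lookup_parameterized(conn, TAUTOLOGY),
            "union_vulnerable": lookup_vulnerable(conn, UNION),
            "union_parameterized": lookup_parameterized(conn, UNION),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case:24s} -> {rows}")
```

Running demo() shows the concatenated query returning every row for the tautology payload and leaking the CREATE TABLE statement from sqlite_master for the UNION payload, while the parameterized query returns nothing for either: the bound value is compared as a string and never reaches the SQL parser.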

Table 2: Comparative Analysis of SQL Injection Prevention Techniques

Technique | Effectiveness | Ease of Implementation | Performance Impact | Example Use Cases
Parameterized Queries | High | Moderate | Low | Web applications
Stored Procedures | High | Moderate | Moderate | Enterprise systems
ORMs | High | High | Moderate | Large-scale applications
Input Validation | Moderate | High | Low | User input forms
Input Escaping | Moderate | Moderate | Low | Legacy systems
Web Application Firewalls | High | High | Variable | Web services
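Table 2 rates input escaping and input validation as only moderately effective. The following added example (not from the paper) shows why, going beyond the single escaping case in Section III.E: escaping holds when the value sits inside a quoted string literal, fails when the same value is interpolated into an unquoted numeric context, and fails again in a second-order query that re-uses a stored value, while an allow-list validator combined with a bound parameter covers all three. It uses an in-memory SQLite database rather than MySQL; escape_sql_string is a stand-in for a driver's escape routine that doubles single quotes, and the table, rows, payloads and function names are this example's own constructions.

```python
# Added example, not from the paper: limits of input escaping and the role of
# allow-list validation, demonstrated on an in-memory SQLite database.
import re
import sqlite3

# Constructed sample data for the demonstration.
SAMPLE_USERS = [(1, "alice"), (2, "bob"), (3, "carol")]


def make_db():
    """Return an in-memory SQLite connection seeded with SAMPLE_USERS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (id, name) VALUES (?, ?)", SAMPLE_USERS)
    return conn


def escape_sql_string(value):
    """Hypothetical stand-in for a driver escape routine: doubles single quotes,
    the standard SQL escape for a value placed inside a '...' literal."""
    return value.replace("'", "''")


def lookup_by_name_escaped(conn, name):
    """Escaping inside a quoted literal: the payload cannot close the string."""
    sql = f"SELECT id, name FROM users WHERE name = '{escape_sql_string(name)}'"
    return conn.execute(sql).fetchall()


def lookup_by_id_escaped(conn, user_id):
    """Escaping in an unquoted numeric context: there is no quote to break out of,
    so a payload such as '1 OR 1=1' passes through unchanged."""
    sql = f"SELECT id, name FROM users WHERE id = {escape_sql_string(user_id)}"
    return conn.execute(sql).fetchall()


def register_escaped(conn, name):
    """Escaping does its job at insert time: the name is stored verbatim."""
    cur = conn.execute(f"INSERT INTO users (name) VALUES ('{escape_sql_string(name)}')")
    return cur.lastrowid


def find_same_name_second_order(conn, user_id):
    """Second-order injection: a value read back from the database is treated as
    trusted and concatenated into a new query without escaping or binding."""
    stored = conn.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchone()[0]
    sql = f"SELECT id, name FROM users WHERE name = '{stored}'"
    return conn.execute(sql).fetchall()


ID_PATTERN = re.compile(r"[0-9]{1,9}")  # allow-list: digits only, bounded length


def validate_id(user_id):
    """Allow-list validation; fullmatch rejects anything after the digit run."""
    return ID_PATTERN.fullmatch(user_id) is not None


def lookup_by_id_validated(conn, user_id):
    """Validate first, then bind: validation is a gate, not a substitute for binding."""
    if not validate_id(user_id):
        raise ValueError(f"rejected id: {user_id!r}")
    return conn.execute("SELECT id, name FROM users WHERE id = ?", (int(user_id),)).fetchall()


def demo():
    """Exercise the four cases and return their outcomes."""
    conn = make_db()
    out = {}
    try:
        # 1. Quoted context: the escaped payload is looked up as a plain name.
        out["name_escaped"] = lookup_by_name_escaped(conn, "x' OR '1'='1")
        # 2. Numeric context: the same idea needs no quote and returns every row.
        out["id_escaped"] = lookup_by_id_escaped(conn, "1 OR 1=1")
        # 3. Allow-list validation rejects the payload before any SQL is built.
        try:
            lookup_by_id_validated(conn, "1 OR 1=1")
            out["id_validated"] = "accepted"
        except ValueError:
            out["id_validated"] = "rejected"
        out["id_validated_ok"] = lookup_by_id_validated(conn, "2")
        # 4. Second order: the escaped insert is safe, the later concatenation is not.
        new_id = register_escaped(conn, "eve' OR '1'='1")
        out["stored_name"] = conn.execute("SELECT name FROM users WHERE id = ?", (new_id,)).fetchone()[0]
        out["second_order"] = find_same_name_second_order(conn, new_id)
    finally:
        conn.close()
    return out


if __name__ == "__main__":
    for case, value in demo().items():
        print(f"{case:16s} -> {value}")
```

The numeric-context and second-order cases are the ones that make escaping a supplementary measure: escaping is tied to one quoting context at one point in time, whereas a bound parameter is safe in every context, which is why lookup_by_id_validated still binds the value after validating it.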

Fig. 2 compares the different techniques based on their effectiveness, ease of implementation, performance impact, flexibility, and maintenance needs. It offers a clear overview to help choose the best technique, or combination of techniques, for a specific situation.

The effectiveness of SQLi prevention methods depends on the specific application scenario. Parameterized queries consistently provide strong protection in all cases, making them a key part of any defence strategy. Input validation and stored procedures add extra security, particularly when used alongside parameterized queries. WAFs provide immediate, though not fully comprehensive, protection. ORM frameworks build security into the development process, reducing the risk of human error. Using a combination of these methods, customized to the application design and its vulnerabilities, is the best way to reduce SQLi risks.

Fig 2: Comparison of SQLi Prevention Techniques based on Different Criteria

Table 3: Effectiveness of SQL Injection Prevention Techniques in Various Scenarios

Technique | Scenario | Effectiveness | Key Considerations
Parameterized Queries | Web applications | High | Simple to implement; low performance impact
Stored Procedures | Enterprise systems | High | Requires complex implementation; high performance for large systems
ORMs | Large-scale applications | High | Abstracts database operations; moderate performance impact
Input Validation | User input forms | Moderate | Easy to implement; often used as a supplementary measure
Input Escaping | Legacy systems | Moderate | Requires careful handling; low performance impact
Web Application Firewalls | Web services | High | Provides broad protection; potential latency introduced

Developers and system administrators must consider how SQLi prevention techniques affect system performance. Although security is crucial, it is important to choose methods that do not significantly slow down the system. Input validation has a minimal performance impact and provides a cost-effective initial defence. Parameterized queries have a low to moderate impact, offering strong security with a manageable effect on performance. Stored procedures also have a low to moderate impact, combining good security with potential performance benefits from precompiled execution plans. WAFs have a moderate impact, providing broad protection but increasing latency and resource use. ORM frameworks also have a moderate impact, simplifying development and boosting security, but they require careful optimization to prevent performance issues.

V. DISCUSSION

A key challenge in using SQLi prevention methods is finding an appropriate balance between security, performance, and usability. Parameterized queries and ORMs are very effective but can complicate development, requiring extensive developer training, which increases development time and costs. Input validation and escaping are simpler to implement but may not fully protect against SQLi on their own; they work best when combined with more robust methods. WAFs are powerful but can add latency and require regular updates to stay current with new threats.

Table 4: Comparative Performance Impact of Prevention Techniques

Technique | Performance Impact | Latency Introduced | Resource Consumption | Typical Use Case
Parameterized Queries | Low | Minimal | Low | General web applications
Stored Procedures | Moderate | Moderate | Moderate | Enterprise applications
ORMs | Moderate | Low to Moderate | Moderate | Complex, large-scale systems
Input Validation | Low | Minimal | Low | Form inputs and simple queries
Input Escaping | Low | Minimal | Low | Older or less frequently updated systems
Web Application Firewalls | Variable | High | High | High-traffic web services

ML and AI are promising approaches to SQLi adjustments are essential for effective SQLi prevention. This
prevention.Machine learning models can process vast means regularly updating WAFs and other security tools to
amounts of data to detect patterns and anomalies that may detect new attack patterns, performing regular security audits,
signify SQLIAs. These models can continuously learn and and staying updated on the latest SQLi research and
adapt to new attack methods, offering flexible defences that prevention methods. By adopting a proactive and adaptable
evolve with emerging threats. Recent studies, such as those approach to SQLi prevention, organizations can significantly
by Hasan et al. [34] and Alkhathami et al. [35], have shown improve their ability to protect their databases from
that ML methods can significantly improve the detection of malicious attacks and maintain the integrity and security of
SQLi attacks compared to traditional signaturebased their data.
approaches. However, these advanced techniques require
specialized knowledge and resources, which may not be VI. LIMITATIONS
available to all organizations. Secure coding practices are
crucial for effective SQLi prevention. Fadlalla et al. [25] This study identified several limitations of the SQLi
highlighted that educating developers about SQLi risks and prevention methods. These include inconsistent
training them in secure coding practices are essential. This implementation quality, constantly changing threat
includes properly using parameterized queries, stored landscapes, and the challenges of combining multiple
procedures, and ORMs as well as implementing effective defences. The effectiveness of these methods can vary
input validation and escape. significantly depending on the development environment,
and attackers continuously develop new techniques to bypass
Regularly investing in training and awareness programs existing defences, thereby requiring ongoing updates to
is essential for organizations to keep their development teams prevention strategies. Additionally, strong prevention
up-to-date with the latest security practices and threats. techniques can create trade-offs between security,
Additionally, including security checks throughout the performance, and usability and may require specialized
development process, such as code reviews and automated knowledge and resources that not all organizations can
vulnerability scans, helps to identify potential SQLi afford. Combining multiple techniques can also lead to
vulnerabilities early. Despite advancements in SQLi compatibility issues, and many methods rely on developers to
prevention techniques, several challenges persist. The ever- consistently use secure coding practices, which can be
evolving nature of SQLi attacks requires constant updates to variable. Defensive tools such as WAFs mainly protect
prevention strategies. This means that ongoing research and against network or application layer threats and may not fully
development is needed to identify new vulnerabilities and cover vulnerabilities at the database or application logic
create effective countermeasures. The practical examples and levels. Real-world applications often include legacy codes
case studies in this study show how different SQLi and third-party components, which complicate the
prevention techniques are applied in real-world situations. implementation of advanced security measures. To overcome
These examples emphasize the need to tailor prevention these limitations, a comprehensive approach is needed that
strategies according to the specific needs and contexts of combines ongoing research, advanced technologies, and
various applications. For instance, enterprise systems might practical strategies, such as developing integrated tools,
benefit more from stored procedures that can handle complex improving developer education, and exploring AI and ML for
business logic and enforce database-level security policies. adaptive defences against evolving SQLi threats.
On the other hand, web applications with high user
interaction may use parameterized queries and ORMs to VII. CONCLUSION AND FUTURE WORK
ensure secure and efficient data handling. Understanding the
strengths and weaknesses of each technique helps In conclusion, SQLi continues to pose a significant
organizations to implement a well-rounded and effective threat to database security, necessitating robust preventive
SQLi prevention strategy. Ongoing monitoring and measures. This study has examined various effective

IJISRT25MAR1982 www.ijisrt.com 3068


Volume 10, Issue 3, March – 2025 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165 https://doi.org/10.38124/ijisrt/25mar1982
techniques for mitigating SQLIAs, including parameterized [3]. A. Al Anhar and Y. Suryanto, ”Evaluation of Web
queries, stored procedures, ORMs, input validation, input Application Vulnerability Scanner for Modern Web
escaping, and WAFs. The analysis demonstrates that Application,” 2021 International Conference on
employing a combination of these strategies offers the most Artificial Intelligence and Computer Science
comprehensive protection against SQLi vulnerabilities. Technology (ICAICST), Yogyakarta, Indonesia
(2021), pp. 200-204, doi:
Future research should focus on developing integrated 10.1109/ICAICST53116.2021.9497831.
and effective prevention strategies for SQLi attacks. This [4]. Xue Ping-Chen, “SQL injection attack and guard
includes exploring how machine-learning models and technical research”, Procedia Engineering, Volume 15,
anomaly detection can work with traditional defenses. (2011), Pages 4131-4135, ISSN 1877-7058,
Continued emphasis on educating developers and applying https://doi.org/10.1016/j.proeng.2011.08.775.
secure coding practices is essential for addressing the root [5]. Harshavardhan Gaddam and M. Maheshwari, ”SQL
causes of vulnerabilities. Additionally, expanding the use of Injection-Biggest Vulnerability of the Era”, EasyChair
automated tools that can detect and fix SQLi vulnerabilities Preprint no. 4175, September 13, (2020)
during development could greatly reduce human error and [6]. Yuchong Li, Qinghui Liu, ”A comprehensive review
enhance the overall security. study of cyberattacks and cyber security; Emerging
trends and recent developments”, Energy Reports,
ACKNOWLEDGEMENT Volume 7, (2021), Pages 8176-8186, ISSN 2352-
4847, https://doi.org/10.1016/j.egyr.2021.08.126.
I would like to express my gratitude to the Department [7]. Ma, L., Gao, Y., Zhao, D., Zhao, ”Research on SQL
of Computer Science, M.K. Bhavnagar University for its injection attack and prevention technology based on
support. I also extend my thanks to Dr. Prashant Dolia, my web.”, International Conference on Computer
research supervisor, for his invaluable constructive Network, Electronic and Automation (ICCNEA), pp.
suggestions and ideas, which greatly enhanced the quality of 176–179 (2019)
this paper. [8]. Mona Alsalamah 1, Huda Alwabli 1, Hutaf Alqwifli 1,
and Dina M. Ibrahim, ”A Review Study on SQL
DECLARATIONS Injection Attacks, Prevention and Detection”, The ISC
Funding Statement: This study received no external funding.

Data Availability: The datasets and code produced in this study are available from the corresponding author upon request.

Author Contributions: Mr. Amit Hariyani contributed to the design, implementation, writing, and analysis of the results for the manuscript. Dr. Prashant Dolia conceived the project and provided supervision.

Ethical Approval: This article does not contain any studies with human participants or animals performed by any of the authors.

Conflict of Interest: The authors declare no conflict of interest.

IJISRT25MAR1982 www.ijisrt.com 3069


ISSN No: 2456-2165 https://doi.org/10.38124/ijisrt/25mar1982

