Investigation and Analysis of SQL Injection Attacks on Web Applications: Survey
Zeinab Raveshi1, Sonali R. Idate2
1Zeinab Raveshi, Education: M Tech. IT College, Bharati Vidyapeeth Deemed University College of Engineering, Pune, India.
2Sonali R. Idate, Education: M.E. Computer College, Bharati Vidyapeeth Deemed University College of Engineering, Pune, India.
Manuscript received on January 21, 2013. | Revised Manuscript received on February 10, 2013. | Manuscript published on February 28, 2013. | PP: 182-187 | Volume-2 Issue-3, February 2013. | Retrieval Number: C1043022313/2013©BEIESP

© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)

Abstract: SQL injection attacks are a serious security threat to Web applications. They allow attackers to gain unrestricted access to the databases underlying the applications and to retrieve sensitive information from those databases. Although many researchers and practitioners have proposed various methods to solve the SQL injection problem, current approaches either fail to address the full scope of the problem or have limitations that prevent their use. Many researchers and practitioners are familiar with only a subset of the wide range of techniques available to attackers who are trying to take advantage of SQL injection vulnerabilities. As a result, many solutions proposed in the literature address only some of the issues related to SQL injection. To address this problem, we give an extensive review of the different types of SQL injection attacks. For each type of attack, we provide descriptions and examples of how attacks of that type could be performed. We also analyze existing detection and prevention techniques against SQL injection attacks.
Keywords: SQL injection, SQL injection vulnerabilities, security threat in web application.