Review of SQL Injection : Problems and Prevention

Mohd Amin Mohd Yunus - Universiti Tun Hussein Onn Malaysia, Johor, Malaysia
Muhammad Zainulariff Brohan - Universiti Tun Hussein Onn Malaysia, Johor, Malaysia
Nazri Nawi - Universiti Tun Hussein Onn Malaysia, Johor, Malaysia
Ely Mat Surin - Institute of Visual Informatic, Universiti Kebangsaaan Malaysia, Malaysia
Nurhakimah Azwani Md Najib - Universiti Tun Hussein Onn Malaysia, Johor, Malaysia
Chan Liang - Universiti Tun Hussein Onn Malaysia, Johor, Malaysia

Citation Format:



SQL injection happened in electronic records in database and it is still exist even after two decades since it first happened. Most of the web-based applications are still vulnerable to the SQL injection attacks. Although technology had improved a lot during these past years, but, hackers still can find holes to perform the SQL injection. There are many methods for this SQL injection to be performed by the hackers and there is also plenty of prevention for the SQL injection to be happened. The vulnerability to SQL injection is very big and this is definitely a huge threat to the web based application as the hackers can easily hacked their system and obtains any data and information that they wanted anytime and anywhere. This paper can conclude that several proposed techniques from existing journal papers used for preventing SQL injection. Then, it comes out with Blockchain concept to prevent SQL injection attacks on database management system (DBMS) via IP.


Database; DBMS; SQL Injection

Full Text:



S. Nanhay, D. Mohit, R.S. Raw, and K. Suresh, “SQL Injection: Types, Methodology, Attack Queries and Preventionâ€, in 3rd International Conference on Computing for Sustainable Global Development (INDIACom), 2016, p. 2872 – 2876.

K.G. Vamshi, V. Trinadh, S. Soundabaya, and A. Omar, “Advanced Automated SQL Injection Attacks and Defensive Mechanismsâ€, in Annual Connecticut Conference on Industrial Electronics, Technology & Automation (CT-IETA), 2016, p. 1-6.

K. Krit and S. Chitsutha, “Machine Learning for SQL Injection Prevention on Server- Side Scriptingâ€, in International Computer Science and Engineering Conference (ICSEC), 2016, p. 1-6.

P.K. Raja and Z. Bing, “Enhanced Approach to Detection of SQL Injection Attackâ€, in 15th IEEE International Conference on Machine Learning and Applications (ICMLA), 2016, p. 466 – 469.

D. Rhythm and G. Himanshu, “SQL Filtering: An Effective Technique to prevent SQL Injection Attackâ€, in International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO), 2016, p. 312 – 317.

A.A. Nedhal and A. Dana, “Database Security Threats: A Survey Studyâ€, in 5th International Conference on Computer Science and Information Technology, 2013, p. 60 – 64.

A.S. Aditya and P.N Chatur, “Efficient and Effective Security Model for Database Specially Designed to Avoid Internal Threatsâ€, in International Conference on Smart Technologies and Management for Computing, Communication, Controls, Energy and Materials (ICSTM), 2015, p. 165 – 167.

S.P. Ganesh and G. Anandhi, “Database Security: A Study on Threats And Attacksâ€, International Journal on Recent and Innovation Trends in Computing and Communication, vol. 4(6), pp. 512-513, 2015.

Parviz Ghorbanzadeh, Aytak Shaddeli, Roghieh Malekzadeh, Zoleikha Jahanbakhsh, “ A Survey of Mobile Database Security Threats and Solutions for itâ€, in the 3rd International Conference on Information Sciences and Interaction Sciences, 2007, p. 676 – 682.

Asmaa Sallam, Qian Xiao, Daren Fadolalkarim, Elisa Bertino, “Anomaly Detection Techniques for Database Protection Against Insider Threatsâ€, in 17th International Conference on Information Reuse and Integration (IRI), 2016, p. 20 – 29.

L. Zhang, C. Tan, and F. Yu, “An Improved Rainbow Table Attack for Long Passwords,†Procedia Computer Science, vol. 107, pp. 47–52. 2017.

Deniz Gurkan and Fatima Merchant “Interoperable Medical Instrument Networking and Access System with Security Considerations for Critical Careâ€, Journal of Healthcare Engineering, vol. 1(4), pp. 637-654, 2010.

M. A. Halcrow and N. Ferguson, “A Second Pre-image Attack Against Elliptic Curve Only Hash (ECOH),†in IACR Cryptol. ePrint Arch., vol. 2009, p. 168, 2009.

A.K. Kyaw, F. Sioquim, and J. Joseph, “Dictionary attack on Wordpress: Security and forensic analysis,†in 2015 2nd International Conference on Information Security and Cyber Forensics, InfoSec 2015, 2016, p. 158–164.

F. Mouton, M. M. Malan, L. Leenen, and H. S. Venter, “Social engineering attack framework,†in Proceedings of the ISSA, 2014.

Hilarie Orman, “Blockchain: the Emperors New PKI?â€, IEEE Internet Computing, vol. 22(2), pp. 23-28, 2018.