DOI: 10.14569/IJACSA.2021.0120636

A Method to Prevent SQL Injection Attack using an Improved Parameterized Stored Procedure

Author 1: Kamsuriah Ahmad
Author 2: Mayshara Karim

International Journal of Advanced Computer Science and Applications(IJACSA), Volume 12 Issue 6, 2021.

Abstract: Structured Query Language (SQL) injection is one of the critical threats to database security. The effects of SQL injection attacks cause the data contained in the database to be at risk of being exploited by irresponsible parties, compromising data integrity, disrupting server operations and in return affecting the organization's image. Although SQL injection is an attack performed at the application level, SQL injection prevention requires security controls at all levels, namely application level, database level and network level. The absence of SQL injection prevention measures at the application level makes the database vulnerable to attack. Reviews indicate that the current approaches still not sufficient in addressing these three issues, which are i) improper use of dynamic SQL, ii) lack of input validation process and iii) inconsistent error handling. Currently, program and database code security is based solely on basic security measures that are focused at the network level such as network firewalls, database access control and web server request filtering. Unfortunately, these measures are still inadequate and not sufficient to safe guard the program code and databases from the attack. To overcome this shortcoming as addressed by these three issues, a new comprehensive method is proposed using an improved parameterized stored procedure to enhance database security. Experimental results prove that the proposed method is able to prevent SQL injection from occurring and able to shorten the processing time when compared with existing methods, hence able to improve database security.

Keywords: SQL injection prevention; database security; parameterized stored procedure; network firewall

Kamsuriah Ahmad and Mayshara Karim, “A Method to Prevent SQL Injection Attack using an Improved Parameterized Stored Procedure” International Journal of Advanced Computer Science and Applications(IJACSA), 12(6), 2021. http://dx.doi.org/10.14569/IJACSA.2021.0120636

@article{Ahmad2021,
title = {A Method to Prevent SQL Injection Attack using an Improved Parameterized Stored Procedure},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2021.0120636},
url = {http://dx.doi.org/10.14569/IJACSA.2021.0120636},
year = {2021},
publisher = {The Science and Information Organization},
volume = {12},
number = {6},
author = {Kamsuriah Ahmad and Mayshara Karim}
}


Copyright Statement: This is an open access article licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, even commercially as long as the original work is properly cited.

IJACSA

Upcoming Conferences

IntelliSys 2025

28-29 August 2025

Future Technologies Conference 2025

6-7 November 2025

Healthcare Conference 2026

21-22 May 2026

Computing Conference 2026

9-10 July 2026

IntelliSys 2026

3-4 September 2026

Computer Vision Conference 2026

15-16 October 2026