An Efficient Model for SQL Injection Attack and Prevention

The paper proposes an efficient model for SQL Injection attack and prevention. Attacking the website is done by inserting SQL queries like ‘or’ and ‘and’ in the database. When an attacker types anything or x=x in the  password field, the  attacker can retrieve all the information about the users. For preventing SQL Injection, the paper proposes an Application Programming  Interface implemented in a simple php language. The model proposes a slim framework which gives some special characters in the password field.