Main Article Content
SQL injection attacks are the most basic type of cyber-attacks that execute arbitrary malicious code to retrieve confidential information from a SQL database. This paper aims to study and analyze three types of injection attacks and find out their vulnerabilities. Based on that, we propose a new measure to prevent the occurrence of SQL injection attacks. The proposed measure was experimented with and tested using a local webserver and found that it accurately detects and prevents SQL injection attacks. The proposed system could be implemented in the Web Application Firewall to detect and prevent malicious SQL traffic.