An innovative method for detecting SQLi attacks by altering SQL query attribute values

One of the most dangerous vulnerabilities exploited to gain unauthorized access, disclose private information, and cause financial harm to both individuals and companies is the structured query language injection attack (SQLia). Structured query language (SQL) is widely used as a backend for data storage in most web applications. Through SQL injection, attackers can bypass authorization and authentication mechanisms, gaining access to sensitive data. Although various researchers have proposed methods to detect and mitigate this vulnerability, their efforts have not been entirely successful. Some of these strategies have yet to be fully implemented, leading to confusion among users when selecting the appropriate tool. This study introduces a simple yet effective method for detecting and preventing SQLia. The proposed method involves modifying attribute values in SQL queries on web pages upon parameter submission and subsequently comparing them with predefined values using both static and dynamic analysis techniques. The results from the experiments demonstrate the effectiveness and simplicity of the proposed approach when compared to existing methods.