THE IMPACT OF SQL INJECTION ATTACKS ON THE SECURITY OF DATABASES

SQL injection Attack (SQLIA) can be detected in many web applications that lack of input variable filtering. The problem of this study is the weak input filtration and validation of forms in dynamic web applications and using a single detection and prevention technique against SQL injection attacks. The aim of this study is to investigate the effect of poor input validation of SQL query to discriminate the parameters used for injection malicious SQL on the security of server database and to improve the filtration level of a user input from real one and a malicious one on dynamic web applications in e-commerce, and to proposes a technique called CombinedDetect based on two methods based on JavaScript and PHP coding to detect malicious SQL query and isolate it before sending to the server. The result of this study shows that many web developers neglect the high risks of SQL injection attacks on the security and confidentially of data stored in databases. The injection of malicious SQL parameters pass to the database in the server could damage the whole database or steal data. The method used in this study is based on JavaScript and PHP codes enable the dynamic web application to separate between normal data and malicious data, nevertheless of what user input is entered through input fields. The study recommended avoiding any weakness in SQL server by providing effective input validation to discriminate the malicious parameters used for injection SQL attack queries and using multiple detection methods for SQL injection.