- Volume 15 Number 4 (2024)
- Volume 15 Number 3 (2024)
- Volume 15 Number 2 (2024)
- Volume 15 Number 1 (2024)
- Volume 14 Number 4 (Nov. 2023)
- Volume 14 Number 3 (Aug. 2023)
- Volume 14 Number 2 (May 2023)
- Volume 14 Number 1 (Feb. 2023)
- Volume 13 Number 4 (Nov. 2022)
- Volume 13 Number 3 (Aug. 2022)
- Volume 13 Number 2 (May 2022)
- Volume 13 Number 1 (Feb. 2022)
- Volume 12 Number 4 (Nov. 2021)
- Volume 12 Number 3 (Aug. 2021)
- Volume 12 Number 2 (May. 2021)
- Volume 12 Number 1 (Feb. 2021)
- Volume 11 Number 6 (Dec. 2020)
- Volume 11 Number 5 (Oct. 2020)
- Volume 11 Number 4 (Aug. 2020)
- Volume 11 Number 3 (Jun. 2020)
- Volume 11 Number 2 (Apr. 2020)
- Volume 11 Number 1 (Feb. 2020)
- Volume 10 Number 6 (Dec. 2019)
- Volume 10 Number 5 (Oct. 2019)
- Volume 10 Number 4 (Aug. 2019)
- Volume 10 Number 3 (Jun. 2019)
- Volume 10 Number 2 (Apr. 2019)
- Volume 10 Number 1 (Feb. 2019)
- Volume 9 Number 6 (Dec. 2018)
- Volume 9 Number 5 (Oct. 2018)
- Volume 9 Number 4 (Aug. 2018)
- Volume 9 Number 3 (Jun. 2018)
- Volume 9 Number 2 (Apr. 2018)
- Volume 9 Number 1 (Feb. 2018)
- Volume 8 Number 6 (Dec. 2017)
- Volume 8 Number 5 (Oct. 2017)
- Volume 8 Number 4 (Aug. 2017)
- Volume 8 Number 3 (Jun. 2017)
- Volume 8 Number 2 (Apr. 2017)
- Volume 8 Number 1 (Feb. 2017)
- Volume 7 Number 6 (Dec. 2016)
- Volume 7 Number 5 (Oct. 2016)
- Volume 7 Number 4 (Aug. 2016)
- Volume 7 Number 3 (Jun. 2016)
- Volume 7 Number 2 (Apr. 2016)
- Volume 7 Number 1 (Feb. 2016)
- Volume 6 Number 6 (Dec. 2015)
- Volume 6 Number 5 (Oct. 2015)
- Volume 6 Number 4 (Aug. 2015)
- Volume 6 Number 3 (Jun. 2015)
- Volume 6 Number 2 (Apr. 2015)
- Volume 6 Number 1 (Feb. 2015)
- Volume 5 Number 6 (Dec. 2014)
- Volume 5 Number 5 (Oct. 2014)
- Volume 5 Number 4 (Aug. 2014)
- Volume 5 Number 3 (Jun. 2014)
- Volume 5 Number 2 (Apr. 2014)
- Volume 5 Number 1 (Feb. 2014)
- Volume 4 Number 6 (Dec. 2013)
- Volume 4 Number 5 (Oct. 2013)
- Volume 4 Number 4 (Aug. 2013)
- Volume 4 Number 3 (Jun. 2013)
- Volume 4 Number 2 (Apr. 2013)
- Volume 4 Number 1 (Feb. 2013)
- Volume 3 Number 6 (Dec. 2012)
- Volume 3 Number 5 (Oct. 2012)
- Volume 3 Number 4 (Aug. 2012)
- Volume 3 Number 3 (Jun. 2012)
- Volume 3 Number 2 (Apr. 2012)
- Volume 3 Number 1 (Feb. 2012)
- Volume 2 Number 6 (Dec. 2011)
- Volume 2 Number 5 (Oct. 2011)
- Volume 2 Number 4 (Aug. 2011)
- Volume 2 Number 3 (Jun. 2011)
- Volume 2 Number 2 (Apr. 2011)
- Volume 2 Number 1 (Feb. 2011)
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
- ISSN: 2010-0248 (Print)
- Abbreviated Title: Int. J. Innov. Manag. Technol.
- Frequency: Quarterly
- DOI: 10.18178/IJIMT
- Editor-in-Chief: Prof. Jin Wang
- Managing Editor: Ms. Nancy Y. Liu
- Abstracting/ Indexing: Google Scholar, CNKI, Ulrich's Periodicals Directory, Crossref, Electronic Journals Library.
E-mail: editor@ijimt.org
- Article Processing Charge: 500 USD
IJIMT 2012 Vol.3(5): 499-502 ISSN: 2010-0248
DOI: 10.7763/IJIMT.2012.V3.284
DOI: 10.7763/IJIMT.2012.V3.284
A Novel Approach to Prevent SQL Injection Attack Using URL Filter
Sangita Roy, Avinash Kumar Singh, and Ashok Singh Sairam
Abstract— Web services are usually supported by a database at the backend while a frontend takes input from the user, construct SQL statements and access the database. SQL injection is a popular technique used by attackers to exploit unsanitized user input vulnerability by convincing the application to run SQL code that it was not intended to run. Validating all user inputs and checking for vulnerability can be tedious on the part of the programmer. In this work we propose a new approach to prevent SQL injection attack using URL filtering. URL filters are used to validate user input to web forms. In this approach a single filter can be used to validate input to several databases which makes our approach more scalable and efficient. We implement the filter using Java servlet and demonstrate its effectiveness.
Index Terms— SOL injection attacks, prevention, URL filtering.
Sangita Roy is with Computer Science and Engineering Department, Indian Institute of Technology Patna, India, (e-mail: r_sangita@iitp.ac.in).
Avinash Kumar Singh was with KIIT University, Bhubaneswar, Orissa, India. He is now with the Department of Computer Science, Indian Institute of Information Technology Allahabad, India (email: rs110@iiita.ac.in).
Ashok Singh Sairam is with the Computer Science and Engineering Department, Indian Institute of Technology Patna, (e-mail: ashok@iitp.ac.in).
Cite: Sangita Roy, Avinash Kumar Singh, and Ashok Singh Sairam, Senior Member IACSIT, " A Novel Approach to Prevent SQL Injection Attack Using URL Filter ," International Journal of Innovation, Management and Technology vol. 3, no. 5, pp. 499-502 , 2012.