SQL Injection Attacks Prevention System Technology: Review
Fairoz Q. Kareem *
Duhok Polytechnic University, Duhok, Kurdistan Region, Iraq.
Siddeeq Y. Ameen
Duhok Polytechnic University, Duhok, Kurdistan Region, Iraq.
Azar Abid Salih
Duhok Polytechnic University, Duhok, Kurdistan Region, Iraq.
Dindar Mikaeel Ahmed
Duhok Polytechnic University, Duhok, Kurdistan Region, Iraq.
Shakir Fattah Kak
Duhok Polytechnic University, Duhok, Kurdistan Region, Iraq.
Hajar Maseeh Yasin
Duhok Polytechnic University, Duhok, Kurdistan Region, Iraq.
Ibrahim Mahmood Ibrahim
Duhok Polytechnic University, Duhok, Kurdistan Region, Iraq.
Awder Mohammed Ahmed
Sulaimani Polytechnic University, Sulaimani, Kurdistan Region, Iraq.
Zryan Najat Rashid
Sulaimani Polytechnic University, Sulaimani, Kurdistan Region, Iraq.
Naaman Omar
Duhok Polytechnic University, Duhok, Kurdistan Region, Iraq.
*Author to whom correspondence should be addressed.
Abstract
The vulnerabilities in most web applications enable hackers to gain access to confidential and private information. Structured query injection poses a significant threat to web applications and is one of the most common and widely used information theft mechanisms. Where hackers benefit from errors in the design of systems or existing gaps by not filtering the user's input for some special characters and symbols contained within the structural query sentences or the quality of the information is not checked, whether it is text or numerical, which causes unpredictability of the outcome of its implementation. In this paper, we review PHP techniques and other techniques for protecting SQL from the injection, methods for detecting SQL attacks, types of SQL injection, causes of SQL injection via getting and Post, and prevention technology for SQL vulnerabilities.
Keywords: SQL injection, PHP, database security.