Main Article Content
In the last decade, the web has rapidly become an attractive platform, and an indispensable part of our lives. Unfortunately, as our dependency on the web increases so programmers focus more on functionality and appearance than security, has resulted in the interest of attackers in exploiting serious security problems that target web applications and web-based information systems e.g. through an SQL injection attack. SQL injection in simple terms, is the process of passing SQL code into interactive web applications that employ database services such applications accept user input such as form and then include this input in database requests, typically SQL statements in a way that was not intended or anticipated by the application developer that attempts to subvert the relationship between a webpage and its supporting database, in order to trick the database into executing malicious code due to the poor design of the application. The proposed system is based on protection website at run time, before inclusion of user input with database by validating, encoding, filtering the content, escaping single quotes, limiting the input character length, and ﬁltering the exception messages. The proposed solution is effectiveness and scalability in addition it is easily adopted by application programmers. For empirical analysis, we provide a case study of our solution and implement in Html, PHP, MySql , Apache Server and Jmeter application.