Abstract:
SQL injection is a hacking technique through which hackers gain unauthorized access to a database. It has been declared one of the most serious threats to web-based applications. Not only web-based applications but all applications that dynamically generate SQL queries are vulnerable to SQL injection. SQL injection takes many forms, depending on the creativity of the hacker and how he wants to attack the database, but it is mainly classified into four types: Select, Update, Authorization bypass and Insert. A lot of research has been carried out and many solutions have been proposed, but all of them have some limitations. The best solution proposed to date is the parse tree technique, which has been implemented in this project. The basic concept behind the parse tree technique is that it dynamically generates two parse trees from the SQL query, one with user input and the other without user input, and compares them at run time. If they are equal, the query is considered safe and is allowed to access the database. Otherwise it is considered an SQL injection attack and is not processed further.
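The comparison described above, as an added example that is not the project's own code: it builds the query once with a neutral placeholder and once with the real user input, then compares their structure. It assumes a small SQL subset and uses a token-level skeleton as a simplified stand-in for a full parse tree; `skeleton`, `is_safe`, the `LOGIN` template and the `"0"` placeholder are hypothetical names and values chosen for illustration.

```python
import re

# Token classes for a small SQL subset; alternatives are tried in order.
TOKEN_RE = re.compile(r"""
    (?P<ws>\s+)
  | (?P<comment>--[^\n]*|/\*.*?\*/)
  | (?P<lit>'(?:[^']|'')*'|\d+(?:\.\d+)?)
  | (?P<word>[A-Za-z_][A-Za-z0-9_]*)
  | (?P<op><=|>=|<>|!=|[=<>*,;().+\-/])
  | (?P<err>.)
""", re.VERBOSE | re.DOTALL)

def skeleton(query):
    """Structural skeleton: literals collapse to LIT, every other token is kept."""
    out = []
    for m in TOKEN_RE.finditer(query):
        kind = m.lastgroup
        if kind == "ws":
            continue
        if kind == "lit":
            out.append("LIT")       # the value of a literal is data, not structure
        elif kind == "comment":
            out.append("COMMENT")   # kept, so an injected comment changes the skeleton
        elif kind == "err":
            out.append("ERR")       # stray character, e.g. an unbalanced quote
        else:
            out.append(m.group().upper())
    return out

def is_safe(template, user_inputs):
    """True when user input leaves the query structure unchanged."""
    # Structure "without user input": every slot holds a neutral placeholder.
    baseline = template.format(*["0"] * len(user_inputs))
    # Structure "with user input": the query the application is about to run.
    actual = template.format(*user_inputs)
    return skeleton(baseline) == skeleton(actual)

# Constructed template and constructed inputs (not taken from the project).
LOGIN = "SELECT * FROM users WHERE name = '{}' AND pass = '{}'"
SAMPLES = [("alice", "s3cret"), ("O''Brien", "x"),
           ("' OR '1'='1", "x"), ("admin' --", "x")]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict = "allowed" if is_safe(LOGIN, sample) else "blocked"
        print(sample, "->", verdict)
```

Input that stays inside a single literal, including a properly doubled quote, leaves the skeleton unchanged; input that adds operators, keywords or a comment changes it and the query is rejected before it reaches the database.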