A Method to Prevent SQL Injection Attack using an Improved Parameterized Stored Procedure

Structured Query Language (SQL) injection is one of the critical threats to database security. The effects SQL attacks cause data contained in be at risk being exploited by irresponsible parties, compromising integrity, disrupting server operations and return affecting organization's image. Although an attack performed application level, prevention requires security controls all levels, namely level network level. absence measures makes vulnerable attack. Reviews indicate that current approaches still not sufficient addressing these three issues, which are i) improper use dynamic SQL, ii) lack input validation process iii) inconsistent error handling. Currently, program code based solely on basic focused such as firewalls, access control web request filtering. Unfortunately, inadequate safe guard databases from To overcome this shortcoming addressed a new comprehensive method proposed using improved parameterized stored procedure enhance Experimental results prove able prevent occurring shorten processing time when compared with existing methods, hence improve