Abstract: A SQL Injection Attack (SQLIA) is a technique through which an unauthorized user can gain access to a database by inserting a malicious SQL query segment. The major causes of SQLIAs are improper coding and improper validation of user input. These attacks compromise the integrity, confidentiality and availability of web applications. Nowadays, online services such as email, e-banking, e-commerce, social networking sites and forums play an important role in our day-to-day life. However, vulnerabilities in these applications can create a wide range of risks, because they all hold confidential data such as personal information, banking details and much more. In this paper we discuss different types of SQLIA techniques and an algorithm for preventing them. The algorithm defeats SQL injection at different levels and prevents the database server from revealing any confidential data when an illegal query is injected to compromise security. The algorithm uses hexadecimal and ASCII values to prevent SQLIAs, and a fixed error message is set so that the database does not reveal any valuable information in the form of an error message.

Keywords: Vulnerability, Structured Query Language Injection Attacks (SQLIAs), Web Application, Hexadecimal, ASCII Value, Internet Protocol (IP) Address.