A Review Study on SQL Injection Attacks, Prevention, and Detection

The functionality of a web-based system can be a ected by many threats. In fact, web-based systems provide several services built on databases. This makes them prone to Structured Query Language (SQL) injection attacks. For that reason, many research e orts have been made to deal with such attacks. The majority of the protection techniques adopt a defense strategy which results to provide, in extreme response time, a lot of positive rates. Indeed, attacks by injecting SQL are always a serious challenge for the web-based system. This kind of attack is still attractive to hackers and it is in growing progress. For that reason, many researches have been proposed to deal with this issue. The proposed techniques are essentially based on a statistical or dynamic approach or using machine learning or even deep learning. This paper discusses and reviews the existing techniques used to detect and prevent SQL injection attacks. In addition, it outlines challenges, open issues, and future trends of solutions in this context.