Abstract
Databases often store personal information such as addresses, phone numbers, bank account details, and social security numbers. SQL injection attacks pose a serious threat to applications that access this kind of information over the internet, because with this kind of attack hackers can gain unrestricted access to sensitive information. Although many individuals and organizations have proposed methods to solve this problem, these methods either fail to address the entire scope of the problem or are too expensive for many users to adopt. SQLiDetect is an attempt to provide a comprehensive solution to SQL injection, incorporating a detection model and a business model. The detection model uses signature-based pattern matching to check for probable SQL injections, while the business model blocks the IP address from which a hacker attempts to intrude into the system. It also provides a flexible tracking and reporting system to monitor attacks.
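The three pieces named in the abstract (signature matching, IP blocking, and attack tracking) can be sketched together as follows. This is an added example, not SQLiDetect's own code: the signature list, the `Monitor` class, the `block_after` threshold, and the sample requests are all assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Illustrative signatures, assumed for this example (not SQLiDetect's own list).
SIGNATURES = {
    "tautology": re.compile(r"(?i)\bor\b\s+['\"]?(\w+)['\"]?\s*=\s*['\"]?\1"),
    "union_select": re.compile(r"(?i)\bunion\b(\s+all)?\s+select\b"),
    "quote_comment": re.compile(r"['\"]\s*(--|#|/\*)"),
    "stacked_query": re.compile(r"(?i);\s*(drop|delete|insert|update|exec)\b"),
}

def match_signatures(raw):
    """Return the sorted names of all signatures matching a request parameter."""
    value = unquote_plus(unquote_plus(raw))  # also undoes one layer of double encoding
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(value))

class Monitor:
    def __init__(self, block_after=2):        # threshold is an assumed policy
        self.block_after = block_after
        self.attempts = Counter()             # ip -> number of flagged requests
        self.hits = defaultdict(Counter)      # ip -> signature name -> count
        self.blocked = set()

    def handle(self, ip, raw):
        """Return (allowed, matched); record hits and block repeat offenders."""
        if ip in self.blocked:
            return False, []
        matched = match_signatures(raw)
        if matched:
            self.attempts[ip] += 1
            self.hits[ip].update(matched)
            if self.attempts[ip] >= self.block_after:
                self.blocked.add(ip)
        return not matched, matched

    def report(self):
        return {ip: dict(counts) for ip, counts in self.hits.items()}

SAMPLE = [  # constructed requests: (client IP, URL-encoded parameter value)
    ("198.51.100.7", "O%27Reilly"),
    ("203.0.113.9", "x%27+OR+%271%27%3D%271"),
    ("203.0.113.9", "1+UNION+SELECT+card_no+FROM+accounts"),
    ("203.0.113.9", "harmless"),
]

if __name__ == "__main__":
    monitor = Monitor()
    for ip, raw in SAMPLE:
        print(ip, raw, monitor.handle(ip, raw))
    print("blocked:", monitor.blocked, "report:", monitor.report())
```

The benign `O'Reilly` value passes because the signatures key on SQL structure rather than on a bare quote, and the last request is refused only because its source address was blocked after the second flagged attempt.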