Proceedings of the International Conference on Sustainable Computing and Artificial Intelligence (ICSCAI 2025)

SQL Injection Attack: Detection, Prioritization and Prevention

Authors
Gaurav Tiwari1, Aman Singh Chauhan2, Divyanshu Tripathi3, *, Satyam Kumar4, Swapnil Kaushal5
1Jims Engineering Management Technical Campus, Greater Noida, India
2Jims Engineering Management Technical Campus, Greater Noida, India
3Jims Engineering Management Technical Campus, Greater Noida, India
4Jims Engineering Management Technical Campus, Greater Noida, India
5Jims Engineering Management Technical Campus, Greater Noida, India
*Corresponding author. Email: divyanshu8512@gmail.com
Corresponding Author
Divyanshu Tripathi
Available Online 28 May 2026.
DOI
10.2991/978-94-6239-674-6_43
Keywords
SQL Injection; Web Application Security; MySQL; Threat detection; Real-time prevention
Abstract

SQL Injection (SQLi) remains a persistent and evolving threat to the security of web applications, as it allows attackers to alter database queries to gain unauthorized access or seize control of systems. Despite numerous mitigation tools, SQLi continues to appear among the top OWASP vulnerabilities due to the limits of static detection and the lack of adaptive prevention. This paper introduces an integrated framework for detecting, prioritizing, and preventing SQL Injection attacks using machine learning and automated query analysis. The system uses Node.js for automation and data handling, Python (scikit-learn) for training and evaluating classification models, and MySQL as the target database to simulate vulnerabilities. Supported by curated datasets of both clean and malicious SQL queries, the framework uses TF-IDF-based feature extraction to classify SQLi attack types and assess risk severity. A prevention layer within the Node.js middleware inspects queries in real time, raising alerts or blocking queries based on the model's confidence scores. The design connects static vulnerability scanning with dynamic prevention, balancing detection accuracy with practical operability.

Copyright
© 2026 The Author(s)
Open Access
Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 4.0 International License (http://creativecommons.org/licenses/by-nc/4.0/), which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

Volume Title
Proceedings of the International Conference on Sustainable Computing and Artificial Intelligence (ICSCAI 2025)
Series
Advances in Engineering Research
Publication Date
28 May 2026
ISBN
978-94-6239-674-6
ISSN
2352-5401
Cite this article

TY  - CONF
AU  - Gaurav Tiwari
AU  - Aman Singh Chauhan
AU  - Divyanshu Tripathi
AU  - Satyam Kumar
AU  - Swapnil Kaushal
PY  - 2026
DA  - 2026/05/28
TI  - SQL Injection Attack: Detection, Prioritization and Prevention
BT  - Proceedings of the International Conference on Sustainable Computing and Artificial Intelligence (ICSCAI 2025)
PB  - Atlantis Press
SP  - 524
EP  - 534
SN  - 2352-5401
UR  - https://doi.org/10.2991/978-94-6239-674-6_43
DO  - 10.2991/978-94-6239-674-6_43
ID  - Tiwari2026
ER  -