A new approach to protection from SQL injection attacks
This paper presents a method to protect against SQL injection attacks. The method uses a virtual database connectivity driver together with a technique named "variable normalization", which extracts the basic structure of a SQL statement. That structure is then used to decide whether the statement is allowed to execute.
The method can be used in most scenarios and does not require changing the network topology or the source code of database applications (e.g. a CGI web application). A summary of the algorithm is available here.
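The idea of reducing a statement to its structure and checking it against known structures can be sketched as follows. This is an added example, not the paper's algorithm or code: the normalization rules (literals become `?`, comments are dropped, case and whitespace are folded) and the names `normalize` and `StatementFilter` are assumptions, and the sample statements are constructed.

```python
import re

# Strings, comments and numbers are matched in one left-to-right pass, so a
# quote inside a comment (or "--" inside a string) is not misread.
_TOKEN = re.compile(r"""
    (?P<str>'(?:[^']|'')*')            # quoted string; '' is an escaped quote
  | (?P<comment>--[^\n]*|/\*.*?\*/)    # line comment or block comment
  | (?P<num>\b\d+(?:\.\d+)?\b)         # numeric literal (not digits in names)
""", re.VERBOSE | re.DOTALL)


def normalize(sql: str) -> str:
    """Return the statement's skeleton: literals -> '?', comments removed."""
    skeleton = _TOKEN.sub(lambda m: " " if m.group("comment") else "?", sql)
    # An unterminated quote is left in place, so it can never match a
    # learned skeleton and the statement is rejected (fail closed).
    return " ".join(skeleton.split()).rstrip(";").strip().lower()


class StatementFilter:
    """Allowlist of skeletons, as a proxy driver could keep per application."""

    def __init__(self):
        self.allowed = set()

    def learn(self, sql: str) -> None:
        # Learning phase: record the structure of statements the
        # application issues during normal, trusted operation.
        self.allowed.add(normalize(sql))

    def is_allowed(self, sql: str) -> bool:
        # Enforcement phase: only statements with a known structure pass.
        return normalize(sql) in self.allowed


if __name__ == "__main__":
    f = StatementFilter()
    f.learn("SELECT * FROM users WHERE name = 'alice' AND pin = 1234")
    samples = [  # constructed inputs
        "SELECT * FROM users WHERE name = 'o''brien' AND pin = 42",
        "SELECT * FROM users WHERE name = '' OR '1'='1' AND pin = 0",
        "SELECT * FROM users WHERE name = 'admin' -- ' AND pin = 0",
    ]
    for s in samples:
        print("ALLOW" if f.is_allowed(s) else "BLOCK", "|", normalize(s))
```

Because the check runs on the final statement text, it fits the driver-level placement described above: the application keeps building its queries as before, and the filter sees whatever reaches the database interface.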