International Journal of Engineering and Technology

The aim of this paper is to prevent sql injection attack using stored procedure. In SQL injection attack, an attacker might deliver malicious SQL query segments as user input which could effect in a different database request. Using SQL injection attacks, an attacker might thus obtain and modify confidential information. An attacker could even use a SQL injection vulnerability as a basic IP or Port scanner of the internal corporate network. The stored procedure does not permit conditional statement there by the hacker cannot identify the IDs. The stored procedure is the new approach that is executed. Stored procedure avoids the attack which is more secured one where the conditional statements are not permitted. In sql injection input is set as conditional statements and the user can able to login into the website. But in this paper every condition are checked in the procedural language of stored procedure. Once it notices the condition statement the user will be blocked to log into the website. Only the correct form of passwords is acceptable.