Research Article

SIDP-SQL Injection Detector and Preventer

Published on April 2012 by Saurabh Doshi, Chaitali Parekh, Ashwini Padale
Emerging Trends in Computer Science and Information Technology (ETCSIT2012)
Foundation of Computer Science USA
ETCSIT - Number 5

Saurabh Doshi, Chaitali Parekh, Ashwini Padale. SIDP-SQL Injection Detector and Preventer. Emerging Trends in Computer Science and Information Technology (ETCSIT2012). ETCSIT, 5 (April 2012), 15-19.

@article{
author = { Saurabh Doshi, Chaitali Parekh, Ashwini Padale },
title = { SIDP-SQL Injection Detector and Preventer },
journal = { Emerging Trends in Computer Science and Information Technology (ETCSIT2012) },
issue_date = { April 2012 },
volume = { ETCSIT },
number = { 5 },
month = { April },
year = { 2012 },
issn = 0975-8887,
pages = { 15-19 },
numpages = 5,
url = { /proceedings/etcsit/number5/5994-1036/ },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Proceeding Article
%1 Emerging Trends in Computer Science and Information Technology (ETCSIT2012)
%A Saurabh Doshi
%A Chaitali Parekh
%A Ashwini Padale
%T SIDP-SQL Injection Detector and Preventer
%J Emerging Trends in Computer Science and Information Technology (ETCSIT2012)
%@ 0975-8887
%V ETCSIT
%N 5
%P 15-19
%D 2012
%I International Journal of Computer Applications
Abstract

The Internet is a crucial part of life today, and any discussion of the Internet brings web applications into focus. Many web applications now use an RDBMS and allow their valid users to work with the data stored in it. Traditionally, most programmers have been trained to write code that implements the intended functionality, but they are often unaware of its security aspects. Web applications are vulnerable to different types of attacks. One of the most dangerous is the SQL injection attack. SQL injection is an attack method used by hackers to retrieve, manipulate, or delete information in organizations' relational databases through web applications. Our technique is implemented in a tool named SQL Injection Detector and Preventer (SIDP), which secures web applications from different attacks. A comparative study between SIDP and other similar tools is made, and it concludes that SIDP is the most efficient of these tools.

Index Terms

Computer Science
Information Sciences

Keywords

SQL – Structured Query Language; SQLIA – SQL Injection Attack; Positive Tainting; Taint Propagation; Syntax-Aware Evaluation; Hard-coded Strings; Implicitly Created Strings; False Positives; Negative Tainting