Result: Comparative Analysis of SQL Injection Defense Mechanisms Based on Three Approaches: PDO, PVT, and ART.

Title:
Comparative Analysis of SQL Injection Defense Mechanisms Based on Three Approaches: PDO, PVT, and ART.
Source:
Applied Sciences (2076-3417); Dec2025, Vol. 15 Issue 23, p12351, 22p
Database:
Complementary Index

Further information

This study presents a comprehensive examination of the risks associated with SQL Injection attacks, with a particular focus on the Union Select technique. This method is frequently exploited by attackers to retrieve unauthorized data by appending malicious queries to legitimate database calls. We analyzed multiple real-world cases where personal information was leaked through such attacks, underscoring the urgent need for robust countermeasures in modern web applications. To address these threats, we developed and implemented a multi-layered defense strategy. This strategy includes using PHP Data Objects (PDO) with Prepared Statements to safely handle user inputs, rigorous input pattern validation to detect and reject suspicious payloads, and a redirection-based filtering mechanism to disrupt abnormal access attempts. Through controlled experiments, we validated the effectiveness of these techniques in mitigating SQL Injection attacks. The results demonstrate that our approach successfully blocked malicious queries and prevented unauthorized data access or manipulation. These findings represent a significant contribution to enhancing the security, stability, and trustworthiness of web-based systems, especially those handling sensitive user information. Finally, this work is presented as an educational comparative study, not as a proposal of new defense mechanisms, aiming to provide a clear and reproducible evaluation of standard SQL injection countermeasures. The contributions of this work are threefold: (i) it provides a unified comparative evaluation of three representative SQL injection defense methods—PDO, pattern validation, and attacker redirection—under identical experimental conditions; (ii) it analyzes their strengths, weaknesses, and practical applicability in PHP–MySQL environments; and (iii) it serves as an educational reference that bridges theoretical understanding and practical implementation.
The study also suggests directions for extending this work through machine-learning-based anomaly detection and runtime self-protection (RASP) frameworks. [ABSTRACT FROM AUTHOR]

Copyright of Applied Sciences (2076-3417) is the property of MDPI and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)