Techniques with queries
This technique transforms a query into a structural form rather than a parameterized form. The assumption is as follows.
The queries generated by the website are prone to injection attacks. An attacker will attempt, in different ways, to change the structure (and consequently the behaviour) of dynamically produced queries by inserting SQL keywords, special characters and alphanumeric values. As far as the structural form of a query is concerned, identifier tokens such as table and column names, and the parameter values, are unimportant; only the keywords and special characters matter. After masking the table and column names of the two parameterized queries stated above, we have the following:
1) SELECT * FROM <tablename> WHERE <columnname> =? AND <columnname> =?
2) SELECT * FROM <tablename> WHERE <columnname> =? AND <columnname> =?
Both queries have now been reduced to precisely the same structural scheme. Only this structural form needs to be maintained, rather than storing skeleton queries in the repository.
To take this further, consider another query on a different table:
SELECT * FROM SUPPLIERS WHERE Cityid=? AND AREAcode =?
By applying the same rule of masking the table name and column names, this query also leads to the same structural form as the previous two queries:
SELECT * FROM <tablename> WHERE <columnname> =? AND <columnname> =?
Various queries thus reduce to the same structural form once the identifier tokens are neglected. If any of the queries in the examples above falls prey to an SQL injection attack, the injected query's structural form will be
SELECT * FROM <tablename> WHERE <columnname> =? AND <columnname> =? OR ? = ?
An SQL injection attempt can be quickly detected by identifying the variation between the structural form of the injected query and that of the legitimate query.
Multiple queries reduce to the same structural form, which in turn reduces the size of the search space at run time.
The Query Transformation Scheme
The intention of the scheme is to change queries into structural form rather than parameterized form. To meet the requirements, the transformation scheme has been formulated to take in an extensively wide range of queries, including queries that reference objects in the system databases and/or tables. All of these transformations can be performed efficiently by substring replacement with suitable regular expressions, using the PHP function preg_replace().
TABLE I. THE QUERY TRANSFORMATION SCHEME
The following example query is deliberately written in inconsistent case to illustrate the outcome of the transformation:
Select * from customers Where first_name Like '%jones%' and (city_id = 23 oR zip_code = 78900)
The query transformation as per the scheme is applied, and the query is transformed into
The data types of the attribute values, including their delimitation in the original query, are still preserved in the structural form of the query, as seen above.
B. Transformed Queries Hashing
A suitable hashing function is utilised to generate a unique hash key for every transformed query with a hash function
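The transformation scheme and the hashing step above, as an added example that is not the essay's own code and is written in Python rather than with the PHP preg_replace() the text names. Since Table I is not reproduced here, the keyword list, the rule that an identifier following FROM/JOIN/INTO/UPDATE is a table name, the quoted `'?'` placeholder for string literals and the space-separated output are my assumptions.

```python
import hashlib
import re

TOKEN_RE = re.compile(r"""
      '(?:[^']|'')*'        # single-quoted string literal ('' escapes a quote)
    | --[^\n]*              # SQL line comment
    | \d+(?:\.\d+)?         # numeric literal
    | [A-Za-z_][\w.]*       # keyword or identifier (schema.table allowed)
    | <>|<=|>=|!=|[=<>]     # comparison operators
    | [*(),;?]              # punctuation and an existing bind marker
""", re.VERBOSE)

KEYWORDS = {  # assumed keyword list; the essay's Table I is not on the page
    "SELECT", "FROM", "WHERE", "AND", "OR", "NOT", "LIKE", "IN", "IS", "NULL",
    "UNION", "ALL", "JOIN", "ON", "ORDER", "GROUP", "BY", "AS",
    "INSERT", "INTO", "VALUES", "UPDATE", "SET", "DELETE",
}
# Assumption: identifiers right after these keywords are table names; all others are column names.
TABLE_CONTEXT = {"FROM", "JOIN", "INTO", "UPDATE"}

def structural_form(sql: str) -> str:
    """Keywords and special characters survive; identifiers are masked and literals
    become '?' (quoted, so delimitation is kept) or ? (numeric or existing bind marker)."""
    out, prev_kw = [], None
    for tok in TOKEN_RE.findall(sql):
        if tok.startswith("'"):
            out.append("'?'")
        elif tok.startswith("--"):
            out.append("--")             # a comment changes the structure; keep the marker only
        elif tok[0].isdigit():
            out.append("?")
        elif tok[0].isalpha() or tok[0] == "_":
            word = tok.upper()
            if word in KEYWORDS:
                out.append(word)
                prev_kw = word
            else:
                out.append("<tablename>" if prev_kw in TABLE_CONTEXT else "<columnname>")
        else:
            out.append(tok)              # operators, parentheses, ?, ;
    return " ".join(out)

def structure_hash(sql: str) -> str:
    """Hash key under which a legitimate structural form is stored in the repository."""
    return hashlib.sha256(structural_form(sql).encode("utf-8")).hexdigest()

def is_injection(sql: str, legitimate_hashes: set) -> bool:
    """True when the run-time query's structure matches none of the known legitimate forms."""
    return structure_hash(sql) not in legitimate_hashes
```

The repository of legitimate hashes is built once from the application's parameterized query templates; at run time each dynamically built query is reduced, hashed and looked up, so the page's `OR ? = ?` tail shows up as a structure with no matching key.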