As Web applications have spread into more and more domains, the security problems that come with them have grown more serious; SQL injection attacks in particular pose a major challenge to Web application security. To counter SQL injection, this paper introduces a security strategy based on comparing SQL syntax trees into the design of user input filtering and proposes a new SQL injection filtering method. Experimental results show that the method effectively prevents SQL injection attacks, with a relatively high interception rate and a relatively low false positive rate.
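To make the idea concrete, the following is an added example written for this page; it is not code from the paper and does not reproduce its implementation. It approximates a syntax tree comparison with a flattened structural signature: the statement is tokenized, literal values collapse to the placeholders STR and NUM, and comments are dropped, so two statements have the same signature exactly when they have the same shape. The filter compares the signature of the developer's template (filled with known-benign sample values) against the signature of the query actually built from user input; any difference means the input was parsed as SQL code rather than as data. The query templates, sample values and test inputs are constructed for illustration, and the tokenizer covers only a small SQL subset.

```python
import re

# Tokenizer for a small SQL subset (constructed for this example, not a full
# SQL grammar). Alternatives are ordered so that "--" and "/*" are seen as
# comments before "-" and "/" are seen as operators.
_TOKEN_RE = re.compile(r"""
    (?P<ws>\s+)
  | (?P<comment>--[^\n]*|/\*.*?\*/)
  | (?P<string>'(?:[^']|'')*')
  | (?P<number>\d+(?:\.\d+)?)
  | (?P<word>[A-Za-z_][A-Za-z0-9_]*)
  | (?P<op><>|<=|>=|!=|[=<>*,();.+\-/])
  | (?P<other>.)
""", re.VERBOSE | re.DOTALL)


def tokenize(sql):
    """Yield (kind, text) pairs, skipping whitespace."""
    for m in _TOKEN_RE.finditer(sql):
        if m.lastgroup != "ws":
            yield m.lastgroup, m.group()


def structure(sql):
    """Return the structural signature of a statement.

    Keywords, identifiers and operators are kept (lower-cased), string and
    number literals collapse to STR / NUM, and comments are dropped: a
    comment carries no structure, so a query whose tail was commented out
    simply loses that tail and no longer matches its template.
    """
    sig = []
    for kind, text in tokenize(sql):
        if kind == "comment":
            continue
        if kind == "string":
            sig.append("STR")
        elif kind == "number":
            sig.append("NUM")
        elif kind == "word":
            sig.append(text.lower())
        else:
            sig.append(text)
    return tuple(sig)


def detect_injection(template, sample, params):
    """True if the query built from ``params`` differs in structure from the
    same template filled with the known-benign ``sample`` values."""
    expected = structure(template.format(**sample))
    actual = structure(template.format(**params))
    return actual != expected


def render_checked(template, sample, params):
    """Build the query by string substitution (the pattern the filter is meant
    to protect) and refuse it when the input changed the statement's shape."""
    if detect_injection(template, sample, params):
        raise ValueError("input changed SQL structure; query rejected")
    return template.format(**params)


if __name__ == "__main__":
    # Constructed templates and inputs for demonstration only.
    LOGIN = "SELECT * FROM users WHERE name = '{name}' AND pw = '{pw}'"
    LOGIN_SAMPLE = {"name": "alice", "pw": "s3cret"}
    LOOKUP = "SELECT name FROM items WHERE id = {id} ORDER BY name"
    LOOKUP_SAMPLE = {"id": 1}

    cases = [
        (LOGIN, LOGIN_SAMPLE, {"name": "bob", "pw": "hunter2"}),
        (LOGIN, LOGIN_SAMPLE, {"name": "O''Brien", "pw": "x"}),   # escaped quote: benign
        (LOGIN, LOGIN_SAMPLE, {"name": "' OR '1'='1", "pw": "x"}),
        (LOGIN, LOGIN_SAMPLE, {"name": "admin' --", "pw": "x"}),
        (LOOKUP, LOOKUP_SAMPLE, {"id": "42"}),
        (LOOKUP, LOOKUP_SAMPLE, {"id": "7 OR 1=1"}),
    ]
    for template, sample, params in cases:
        verdict = "REJECT" if detect_injection(template, sample, params) else "allow"
        print(f"{verdict:6} {params!r}")
        print("       ", " ".join(structure(template.format(**params))))
```

The benign cases include a correctly doubled apostrophe (`O''Brien`), which a naive quote-counting filter would reject but which leaves the structure intact, illustrating where a structure-based comparison keeps false positives low. Parameterised queries remain the primary defence; a comparison like this belongs in front of legacy code that still builds SQL by concatenation.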