I divided the approach in to five modules
1- Queries Generation Module
In this module when the application server received input from the user, it dynamically generated the query based on the input, along with the developer-intended query.
2- XML Parsing Module
The queries that generated in the module were then forwarded to an XML parsing component, which converted both queries into XML trees
3- Key Generation Module
This module was responsible for secure random key generation. A list of SQL keywords was used to identify SQL keywords in both, intended and actual queries. A secure random key was generated and it was appended to the SQL keywords in both queries X query.
4- Decision Module
This module performed a parallel XML node comparison of the XML nodes added to the stack by the XML parsing module. This comparison was performed till the program either found a mismatch or both stacks were empty. If a mismatch was found, it implied an injection attack since the structure of the intended query and the actual query did not match. If both stacks were empty and no mismatch was found, the program determined the actual query as benign and allowed it to pass further to the database server for execution.
5- Attack Reporting Module
The functioned of this module is only when the decision module determined the user’s query as malicious. It was responsible for reporting a bad query
What I have tried:
I divided the approach in to five modules and I write class that generate random number my problem how I generate dynamic queries