STRATEGIC MITIGATION OF SQL INJECTION VULNERABILITIES IN MODERN WEB ARCHITECTURES: A COMPREHENSIVE REVIEW

To‘ychiyev Shukrullo Egamberdi o‘g‘li, 4th-year student in Information Systems and Technologies, Andijan State Technical Institute

Abstract

SQL Injection (SQLi) continues to pose a critical threat to modern web applications, exploiting improper input handling to compromise database integrity and confidentiality. This paper provides a comprehensive review of SQLi attack vectors, evaluates the effectiveness of cryptographic, pattern-based, and machine learning mitigation strategies, and analyzes their applicability in contemporary cloud-native and microservice-based architectures. Findings indicate that a multi-layered defense approach significantly reduces risk and enhances system resilience.

Keywords

SQL Injection, web security, parameterized queries, machine learning, WAF, cryptographic defenses, multi-layered security.

How to Cite

STRATEGIC MITIGATION OF SQL INJECTION VULNERABILITIES IN MODERN WEB ARCHITECTURES: A COMPREHENSIVE REVIEW. (2026). International Journal of Artificial Intelligence, 6(01), 857-864. https://www.academicpublishers.org/journals/index.php/ijai/article/view/10022