Abstract SQL Injection attacks are one of the most common threats on web applications that refer to an attacker who can use vulnerability to bypass authentication for retrieving the contents of an entire database then create, delete, update or drop the whole structure. There are many methods used to repel these attacks but none of these methods have proved to work on detecting and preventing all types of SQL injection attacks which means specific method for a certain particular type. The aim of this research is to present a new method to detect and prevent the largest number of these attacks and test it against the 50 codes written by PHP and HTML languages Analysis and comparison have been carried out between the existing solutions YASCA, RIPS and WAVE, questionnaires were completed by experts such as developers and database administrators and identification of the actual risks behind these threats have all helped in addressing the best method to use in securing websites.