A novel technique to prevent SQL injection and cross-site scripting attacks using Knuth-Morris-Pratt string match algorithm
EURASIP Journal on Information Security Pub Date : 2020-08-18 , DOI: 10.1186/s13635-020-00113-y
Oluwakemi Christiana Abikoye , Abdullahi Abubakar , Ahmed Haruna Dokoro , Oluwatobi Noah Akande , Aderonke Anthonia Kayode

Structured Query Language (SQL) injection and cross-site scripting (XSS) remain a major threat to data-driven web applications. Instances where hackers obtain unrestricted access to the back-end database of web applications so as to steal, edit, and destroy confidential data are increasing. Therefore, measures must be put in place to curtail the growing threats of SQL injection and XSS attacks. This study presents a technique for detecting and preventing these threats using the Knuth-Morris-Pratt (KMP) string matching algorithm. The algorithm was used to match the user's input string with the stored pattern of the injection string in order to detect any malicious code. The implementation was carried out using the PHP scripting language and Apache XAMPP Server. The security level of the technique was measured using different test cases of SQL injection, cross-site scripting (XSS), and encoded injection attacks. Results obtained revealed that the proposed technique was able to successfully detect and prevent the attacks, log the attack entry in the database, block the system using its MAC address, and also generate a warning message. Therefore, the proposed technique proved to be more effective in detecting and preventing SQL injection and XSS attacks.
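An added illustration of the matching step the abstract describes, written in Python rather than the paper's PHP and not taken from the paper. The signature list, the URL-decoding normalization and all function names are assumptions, since the paper's stored patterns are not reproduced on this page.

```python
from urllib.parse import unquote_plus

# Constructed sample signatures (assumption; the paper's stored pattern list is not on this page).
PATTERNS = ["' or ", "union select", "--", "<script", "onerror=", "javascript:"]

def failure_table(pattern):
    """For each i, length of the longest proper prefix of pattern[:i+1] that is also its suffix."""
    table = [0] * len(pattern)
    k = 0
    for i in range(1, len(pattern)):
        while k and pattern[i] != pattern[k]:
            k = table[k - 1]
        if pattern[i] == pattern[k]:
            k += 1
        table[i] = k
    return table

def kmp_find(text, pattern):
    """Return the index of the first occurrence of pattern in text, or -1 (O(n + m) time)."""
    if not pattern:
        return 0
    table = failure_table(pattern)
    k = 0
    for i, ch in enumerate(text):
        while k and ch != pattern[k]:
            k = table[k - 1]  # fall back without re-reading earlier text
        if ch == pattern[k]:
            k += 1
        if k == len(pattern):
            return i - k + 1
    return -1

def normalize(value, max_rounds=3):
    """Undo URL encoding (repeatedly, for double-encoded input), lowercase, collapse whitespace."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return " ".join(value.lower().split())

def scan(value):
    """Return (signature, offset) for every signature found in the normalized input."""
    text = normalize(value)
    found = ((p, kmp_find(text, p)) for p in PATTERNS)
    return [(p, pos) for p, pos in found if pos != -1]
```

Signature matching of this kind flags input for logging and blocking; it does not replace parameterized queries or output encoding, and short signatures such as `--` will also match some benign text.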

Updated: 2020-08-19