Abstract: Growth of the internet has enabled many organizations to connect to the internet and also publish their web-site. There are great number of web-sites, which have a login form and possible infected security hole. Hackers can use the SQL injection technique to steal confidential data from web-servers, database-servers and other server; they can deface home-pages and/or control a server across the internet. This hole occurs from careless programming in CGI, ASP, PHP and JSP. Hacking using SQL injection cannot be protected against by firewall. This study proposes a method to be precedence in web programming with no hole, we present an approved solution that can completely protect against SQL injection; can be used as a formal tool to develop web programs with high security and leads to improve mend overall security levels on network.