Nyraxis AI

SQL Injection

Detects SQL injection patterns including DROP statements, UNION SELECT, tautologies, and stacked queries.

SQL Injection

SQL Injection detection identifies malicious SQL patterns in user inputs that could be passed to text-to-SQL systems or database-connected agents. It prevents attackers from manipulating LLM-generated queries to exfiltrate data, modify records, or destroy database objects.

What it detects

  • DROP TABLE/DATABASE statements
  • UNION SELECT data exfiltration
  • Tautology attacks (1=1, 'a'='a')
  • Stacked queries using semicolons
  • Comment-based injection (--, /**/)
  • Time-based blind injection (SLEEP, WAITFOR)

Configuration

{
  "policy_type": "sql_injection",
  "mode": "blocking",
  "config": {}
}

No configuration needed — all SQL injection patterns are detected by default.

Example violation

{
  "policy_type": "sql_injection",
  "severity": "high",
  "description": "UNION SELECT injection attempt detected",
  "details": {
    "attack_type": "union_select",
    "payload_fragment": "UNION SELECT username, password FROM users--"
  }
}

Best practices

  • Enable for any application using text-to-SQL or natural language database queries
  • Combine with parameterized queries at the database layer for defense in depth
  • Monitor blocked attempts to identify targeted attack campaigns
  • Apply to both user input and LLM output when the model generates SQL

Gibberish Detection

Detect incoherent, nonsensical, and garbled text in LLM inputs and outputs.

Web Sanitization

Detects XSS, HTML injection, script tags, event handlers, and data URI attacks.

On this page

SQL InjectionWhat it detectsConfigurationExample violationBest practices