
The Design and Implementation for the Detection System of the SQL Injection Attack based on the Windows Environment

ZHANG Ling-tong, LUO Sen-lin, FENG Fan

  • About author: School of Engineering, Dali University, Dali, Yunnan 671003; Information System and Security Countermeasures Experimental Center, Beijing Institute of Technology, Beijing 100081

Abstract: With the widespread use of Internet-based Web applications and services, attacks that exploit bugs in Web applications account for a growing share of all attacks, and the SQL injection attack has become the most serious hidden threat to Web security. To limit the harm SQL injection attacks do to network information, a SQL injection attack detection system was designed and implemented for the Windows environment. Following the SQL grammar structure and using a tree representation, the system splits and classifies injected SQL statements, identifies the features of each class, and from these extracts a keyword library for SQL injection detection, which it applies through keyword matching. The detection system was implemented in C/C++. It runs in both online and offline modes and is built on a keyword library and a dangerous-IP library: the online mode inspects packets as they are captured, while the offline mode analyzes and inspects packet capture files produced by different packet sniffing tools. Experiments show that the system detects dangerous packets with high accuracy (up to 92%) and supports the capture file formats generated by Wireshark and TCPDUMP, so it has real practical value for preventing SQL injection attacks. The false alarm rate is only 0.6 per cent.
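The detection pipeline the abstract describes (a keyword library grouped by injection class, a dangerous-IP library, and keyword matching over captured request payloads) as an added Python illustration. This is not the paper's C/C++ system; the keyword classes, the sample packets and the listed IP address are constructed assumptions for the example.

```python
import re
from urllib.parse import unquote_plus

# Keyword library, grouped by the injection class each pattern characterises
# (assumed classes; the paper derives its own from the SQL grammar tree).
KEYWORD_LIBRARY = {
    "tautology": [r"\bor\b\s+\d+\s*=\s*\d+", r"\bor\b\s+'[^']*'\s*=\s*'"],
    "union":     [r"\bunion\b\s+(all\s+)?select\b"],
    "stacked":   [r";\s*(drop|delete|insert|update|exec)\b"],
    "comment":   [r"--", r"/\*"],
}

# Dangerous-IP library: a constructed documentation address, not a real indicator.
DANGEROUS_IPS = {"203.0.113.7"}


def classify(payload: str) -> list:
    """Return the sorted injection classes whose keywords appear in the payload.

    The payload is URL-decoded and lower-cased first so that percent-encoded
    and mixed-case variants hit the same keyword patterns."""
    text = unquote_plus(payload).lower()
    return sorted(cls for cls, patterns in KEYWORD_LIBRARY.items()
                  if any(re.search(p, text) for p in patterns))


def inspect(src_ip: str, payload: str) -> dict:
    """Combine the keyword verdict with the dangerous-IP library for one packet."""
    classes = classify(payload)
    bad_ip = src_ip in DANGEROUS_IPS
    return {"src_ip": src_ip, "classes": classes,
            "dangerous_ip": bad_ip, "alert": bool(classes) or bad_ip}


def scan_packets(packets) -> list:
    """Offline mode: run every (src_ip, payload) pair and keep only the alerts."""
    return [r for r in (inspect(ip, body) for ip, body in packets) if r["alert"]]


# Constructed sample of decoded HTTP query strings, as a sniffer would hand them over.
SAMPLE_PACKETS = [
    ("198.51.100.20", "id=42&sort=name"),
    ("198.51.100.21", "q=union+station"),                 # benign word, no SELECT
    ("198.51.100.22", "id=1%27%20or%201%3D1--"),          # encoded tautology + comment
    ("198.51.100.23", "id=1+union+select+1,2"),
    ("203.0.113.7",   "page=home"),                       # clean payload, listed IP
]

if __name__ == "__main__":
    for alert in scan_packets(SAMPLE_PACKETS):
        print(alert)
```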