With the help of an easy Lua script, MySQL Proxy can be steered so that it can recognize SQL Injection attacks. On his blog recently, Stefan Esser (expert in PHP security) explains the same with an example.

His script checks detailed SQL queries for suspicious contents, for example- forbidden SQL functions, databases, tables, statements or comments. And then when the required SQL query believed to contain an SQL injection is not executed an error message is returned.

“MySQL Proxy is a simple program that sits between your client and MySQL server(s) that can monitor, analyze or transform their communication. Its flexibility allows for unlimited uses; common ones include: load balancing; failover; query analysis; query filtering and modification; and many more,” writes Stefan on his blog.