Fahimeh Parsaei - MSC Student of Information Technology Engineering Dept,University of NoureTuba
Mohammad ali Arasteh - MSC Student of Information Technology Engineering Dept, University of Qom, Iran

By increasingly development of electronic commerce and providing different electronic situations such as internet and mobile commerce, electronic commerce has been changed to one of important issues in 21 century. By development of electronic commerce related problems including keeping the security of information and transactions between seller and purchaser seems necessary. Every year attacks and financial and information losses resulted from these attacks are increased. So increase in efficiency of electronic business requires attention and practical measurements for keeping security and countering with possible risks by hackers of these programs. Most attacks are attacks to program level and today one of the most important attacks to this level is attack to data base of sites by the approach of SQL injection. In this paper it is tried to examine the SQL injection which leads to fetch and manipulating the information of data base. It is also tried to identify vulnerabilities in electronic commerce programs particularly sites which are based on business to customer (B2C) and finally while stating the strategies for managers of these sites for keeping their site in safe, approaches for encountering these attacks are introduced.

SQLinjection, e-commerce, inband & outband attack, database hijacking