Catching SQL Injection and other Malicious Web Requests

灰色年华 2020-12-18 18:18

I am looking for a tool that can detect malicious requests (such as obvious SQL injection gets or posts) and will immediately ban the IP address of the requester/add to a bl

8 Answers
  •  感动是毒
    2020-12-18 18:47

    The problem with a generic tool is that it is very difficult to come up with a set of rules that will only match against a genuine attack.

    SQL keywords are all English words, and don't forget that the string

     DROP TABLE users;
    

    is perfectly valid in a form field that, for example, contains an answer to a programming question.

    The only sensible option is to sanitise the input before ever passing it to your database but pass it on nonetheless. Otherwise lots of perfectly normal, non-malicious users are going to get banned from your site.
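Added example, not part of the answer above or of any tool named on this page: it reproduces the false positive the answer describes and stores the same string safely. It uses bound query parameters (sqlite3 placeholders) as the way of making the input safe for the database; the keyword rule, table names and sample strings are constructed for illustration.

```python
import re
import sqlite3

# Hypothetical keyword rule of the kind a generic "ban on sight" tool might apply.
NAIVE_RULE = re.compile(r"\b(drop\s+table|union\s+select)\b", re.IGNORECASE)

def naive_filter_flags(value):
    """True if the keyword rule would treat this form value as an attack."""
    return bool(NAIVE_RULE.search(value))

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("CREATE TABLE answers (id INTEGER PRIMARY KEY, user_id INTEGER, body TEXT)")
    conn.execute("INSERT INTO users (name) VALUES (?)", ("alice",))
    return conn

def store_answer(conn, user_id, body):
    # The body travels as a bound parameter, so the driver treats it as data
    # and never parses it as part of the SQL statement.
    cur = conn.execute("INSERT INTO answers (user_id, body) VALUES (?, ?)", (user_id, body))
    conn.commit()
    return cur.lastrowid

def load_answer(conn, answer_id):
    row = conn.execute("SELECT body FROM answers WHERE id = ?", (answer_id,)).fetchone()
    return row[0] if row else None

def table_exists(conn, name):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None

def demo():
    """Return (flagged_by_rule, stored_verbatim, users_table_intact) per sample."""
    conn = make_db()
    samples = [  # constructed form-field values
        "DROP TABLE users;",                              # the string from the answer
        "O'Brien wrote: DROP TABLE users; -- then what?", # quotes and comment markers
        "How do I join two tables?",
    ]
    results = []
    for body in samples:
        answer_id = store_answer(conn, 1, body)
        results.append((naive_filter_flags(body),
                        load_answer(conn, answer_id) == body,
                        table_exists(conn, "users")))
    return results

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The first two values are legitimate answers that the keyword rule would ban, yet both are stored verbatim and the `users` table is untouched.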
