SQL injection can be judged with reshaping and character string parameters and the aim of injection can be judged according to the type,table name and field name of database.