Targeting　at　PHP　program,　this　paper　proposes　an　SQL　vulnerability　detection　method　based　on　the　injection　analysis　technology.　This　method　makes　a　detailed　analysis　on　the　one-time　injection　in　the　aspects　of　data　flow　and　program　behavior,　on　the　basis　of　the　combination　of　dynamic　and　static　analysis　technique.　Then　it　implements　the　SQL　vulnerability　determination　algorithm　which　is　based　on　lexical　feature　comparison.　At　last,　this　paper　combines　alias　analysis　technology,　behavior　model　and　SQL　which　is　based　on　lexical　feature　comparison　to　design　and　establish　a　prototype　system　for　SQL　vulnerability　detection.　The　experiment　shows　that　our　system　has　a　good　strong　ability　of　SQL　vulnerability　detection　and　very　low　time　cost.