In　order　to　deal　with　serious　security　threats　of　SQL　injection　to　Web　applications,　this　paper　proposes　a　novel　SQL-injection　detection　method　based　on　genetic　algorithm　(GA).　A　unified　description　for　characteristics　of　SQL-injection　was　issued　by　regular　expression,　and　an　optimized　SQL-injection　sequence　motherboard　was　got　through　GA.　We　detected　harmful　levels　of　SQL-injection　attacks　using　template　matching　and　achieved　optimized　correction　scheme　of　the　algorithm　by　a　large　amount　of　data.　©　2014　WIT　Press.