Ben Ammar, Boulbaba
Unknown Affiliation

Published: 1 Documents

Enhancing SQL Code Security and Maintainability: A Deep Learning Based Approach
Alghamdi, Faisal; Ben Ammar, Boulbaba
International Journal of Advances in Artificial Intelligence and Machine Learning Vol. 2 No. 3 (2025): International Journal of Advances in Artificial Intelligence and Machine Learni
Publisher : CV Media Inti Teknologi

DOI: 10.58723/ijaaiml.v2i3.515

Abstract

Background of study: SQL injection attacks continue to pose a significant risk to online systems. Traditional rule-based detection regularly fails to identify emerging or disguised attack vectors. Deep learning holds significant promise for robust detection, yet few studies rigorously compare model types or examine how to convey detection results as actionable security advice for developers.

Aims and scope of paper: Building on this gap in existing research, this study tests three deep learning models for detecting SQL injection: Convolutional Neural Network (CNN), Bidirectional Long Short-Term Memory (BiLSTM), and DistilBERT. The best model is then utilized in a tool that provides developers with risk assessments, warnings about unsafe patterns, and examples of secure queries.

Methods: To achieve this, a dataset of 30,919 labeled SQL queries was preprocessed using normalization, syntax validation, and stratified splitting (70/15/15). A dual tokenization approach enabled fair comparisons between architectures. Models were trained using Adam/AdamW optimizers and evaluated for accuracy, precision, recall, F1-score, AUC-ROC, and MCC.

Result: Among the tested models, DistilBERT set the performance benchmark, achieving 99.8% accuracy, 99.9% precision, 99.5% recall, and a false positive rate of just 0.1%. CNN and BiLSTM showed strong results, but proved weaker against obfuscated or distributed attacks. The SQL Security Advisor system converts model predictions directly into actionable guidance for developers.

Conclusion: In conclusion, our findings indicate that DistilBERT detects SQL injections more effectively than CNN and BiLSTM, particularly when attacks are complex or hidden. By combining detection, explanation, and repair, this approach helps bring research closer to real-world use and supports developers in building more secure systems.