The Theoretical Foundations and Literature Analysis of a Hybrid Detection Technique Against Malicious SQL Attacks on Web Applications
Abstract
Many web applications remain vulnerable to SQL injection attacks. Malicious input supplied by unauthorized attackers can delete, modify, or retrieve confidential data from remote databases, causing large financial losses and disrupting the operations of commercial vendors and financial companies. The aim of this study is therefore to identify current SQL injection attacks that originate in user input to web applications backed by remote server databases, and to develop a new method based on dynamic detection techniques to prevent them. The method is implemented in JavaScript and PHP as a new technique called DetectCombined, which filters queries and executes them as parameterized queries, a safe defence against SQL injection. The result is a double-shield protection code that prevents unauthorized extraction from, or damage to, the remote database on the server side by malicious SQL injection. DetectCombined executes its protection code in a sequence of three stages: filtration, validation, and history. This produces a robust protection code that distinguishes safe SQL commands from malicious ones and reinforces the memory of the detection procedure by saving previous SQL attacks in dedicated tables in the remote database, regardless of the type of user, whether general user or administrator. This increases protection against SQL injection while still allowing large volumes of user data to be entered.
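The following PHP script is an added illustration of the two points the abstract makes, and is not the paper's DetectCombined implementation. It places a string-concatenated login query beside a PDO prepared statement so the reader can see the classic tautology payload succeed against the first and fail against the second, and it sketches a filtration, validation and history pipeline in the spirit of the three stages named above. The table names, the regular expressions, the function names and the use of an in-memory SQLite database (so the script runs offline; it requires the pdo_sqlite extension) are all assumptions made for the example.

```php
<?php
// Added example: vulnerable vs. parameterized query, plus a sketch of a
// filtration -> validation -> history pipeline. Not the paper's own code.
declare(strict_types=1);

// In-memory SQLite keeps the example self-contained (assumption: pdo_sqlite present).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$pdo->exec("INSERT INTO users (username, password) VALUES ('alice', 'a-secret'), ('bob', 'b-secret')");
// Schema for the "history" stage; table and column names are illustrative assumptions.
$pdo->exec('CREATE TABLE attack_history (id INTEGER PRIMARY KEY, raw_input TEXT, reason TEXT, seen_at TEXT)');

// Vulnerable: user input is spliced into the SQL text, so quotes in the input
// change the query's structure.
function loginVulnerable(PDO $pdo, string $user, string $pass): array
{
    $sql = "SELECT id, username FROM users WHERE username = '$user' AND password = '$pass'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the query text is fixed at prepare time; values are bound as data.
function loginSafe(PDO $pdo, string $user, string $pass): array
{
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = ? AND password = ?');
    $stmt->execute([$user, $pass]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Stage 1, filtration: cheap syntactic screening for common injection tokens.
// This is a heuristic and must never be the only defence; parameterization is.
function filterInput(string $input): ?string
{
    if (preg_match('/(--|\/\*|;|\bunion\b|\bor\b\s+\S+\s*=)/i', $input)) {
        return 'suspicious SQL token';
    }
    return null;
}

// Stage 2, validation: enforce the shape a username is allowed to have (allow-list).
function validateUsername(string $input): ?string
{
    return preg_match('/^[A-Za-z0-9_]{1,32}$/', $input) ? null : 'username outside allowed character set';
}

// Stage 3, history: persist rejected input so repeat attempts are visible later.
// The write itself uses a prepared statement, so hostile input cannot escape it.
function recordAttack(PDO $pdo, string $input, string $reason): void
{
    $stmt = $pdo->prepare('INSERT INTO attack_history (raw_input, reason, seen_at) VALUES (?, ?, ?)');
    $stmt->execute([$input, $reason, gmdate('c')]);
}

// The three stages chained in front of the parameterized query.
function guardedLogin(PDO $pdo, string $user, string $pass): array
{
    foreach ([filterInput($user), validateUsername($user)] as $reason) {
        if ($reason !== null) {
            recordAttack($pdo, $user, $reason);
            return ['status' => 'rejected', 'reason' => $reason];
        }
    }
    return ['status' => 'ok', 'rows' => loginSafe($pdo, $user, $pass)];
}

// Constructed attack input: the tautology payload used in the demonstration.
$payload = "' OR '1'='1";
printf("vulnerable query rows: %d\n", count(loginVulnerable($pdo, $payload, $payload)));
printf("parameterized query rows: %d\n", count(loginSafe($pdo, $payload, $payload)));
print_r(guardedLogin($pdo, $payload, $payload));
print_r(guardedLogin($pdo, 'alice', 'a-secret'));
printf("history entries: %d\n", (int) $pdo->query('SELECT COUNT(*) FROM attack_history')->fetchColumn());
```

Run it with `php detect_combined_example.php`. With the tautology payload, the concatenated query returns every user row because the injected `OR '1'='1'` rewrites the WHERE clause, while the prepared statement returns no rows because the same bytes are compared as a literal username. The guarded path rejects the payload at the filtration stage, writes one row to `attack_history`, and still lets the legitimate `alice` login through. The design choice worth noting is that stages 1 and 2 reduce noise and feed the history table, but the actual security boundary is the prepared statement in `loginSafe`; a pattern filter alone can be bypassed by encodings or keywords it does not list.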