The advancements in internet technology have attracted more users for web applications over recent years. Users’ confidential data are stored in databases thus heightening the security needs. Lack of secure coding in web application causes data threats. Database security plays an important role in information security. Access to database grants attackers control over sensitive information. The SQL and NoSQL injection attacks are categorized as dangerous attacks by the Open Web Application Security Project (OWASP). This work presents a framework for improving website security by detecting and preventing attacks in SQL and NoSQL databases. The proposed system is tested on vulnerable web applications and its efficacy is compared to that of two other systems. Other systems can detect attacks in either SQL or NoSQL databases but not both together. However, the proposed and implemented system can detect and prevent attacks in both SQL and NoSQL databases.