SQL injection attacks, a class of injection flaw in which specially crafted input strings leads to illegal queries to databases, are one of the topmost threats to web applications. A number of research prototypes and commercial products that maintain the queries structure in web applications have been developed. But these techniques either fail to address the full scope of the problem or have limitations. Based on our observation that the injected string in a SQL injection attack is interpreted differently on different databases, in this paper, we propose a novel and effective solution TransSQL to solve this problem. TransSQL automatically translates a SQL request to a LDAP-equivalent request. After queries are executed on a SQL database and a LDAP one, TransSQL checks the difference in responses between a SQL database and a LDAP one to detect and block SQL injection attacks. Experimental results show that TransSQL is an effective and efficient solution against SQL injection attacks.