Web applications are becoming an important part of our daily life. So attacks against them also increasesrapidly. Of these attacks, a major role is held by SQL injection attacks (SQLIA). This paper proposes anew method for preventing SQL injection attacks in JSP web applications. The basic idea is to checkbefore execution, the intended structure of the SQL query. For this we use semantic comparison. Ourfocus is on stored procedure attack in which query will be formed within the database itself and sodifficult to extract that query structure for validation. Also this attack is less considered in the literature.