By increasing the development of Geographical Information Systems (GIS) providing electronic map data exchange with internet and mobile applications, related problems such as keeping secure map information, safe transactions, and assured broadcast services are necessary. Every year millions of attacks on financial and data information will be caused a series of problems in the world. One of the most critical attacks on the application level is SQL injection into the Web database. This paper tried to present a model for preventing SQL injection into GIS applications, which leads to fetching and manipulating the map information and data from a database. It also provides solutions for IT managers to keep the GIS website secure. The model security steps were tested on one of the GIS portals of Iranian organizations. To evaluate the performance of the proposed model, the security of an Iranian web GIS was checked before and after the announcement of the instructions, and the test results of the vulnerability checking with Acunetix and DVWA. The result showed that the website was completely safe and the model’s instructions for various stakeholders, including programmers, administrators, and GIS experts can significantly prevent this attack. Manuscript profile