There are many organizations using databases to store and hide confidential data. Some of these data are published through World Wide Web (WWW) and the remaining data are hidden. Unfortunately, the attackers usually try to access and steal these hidden data by attacking the structure and the content of the database using an attacking technique called Structural Query Language Injection Attack (SQLIA). This technique gives the attackers illegal authorization to execute queries on database through the vulnerabilities in input boxes and page URL's. These queries may reveal or change the confidential data. Many techniques are available in the literature to prevent and detect SQLIA. However, these techniques do not consider languages other than the English language such as Arabic, Greek, and Japanese. Therefore, these techniques may not be able to discover attacks using such languages. In this paper, we present a formal approach to detect and prevent common types of SQLIA considering multi-languages. We formalize tautology and alternative encoding attacks using regular expressions and finite automata. We consider cases not discussed in the literature. Furthermore, we provide regular expressions and code in ASP.net which can be used by developers to detect and prevent attacks on websites that use Microsoft SQL server 2014 (MSSQL). We validate our work manually and by using tools. Results show that our model can detect and prevent SQL injection attacks including languages other than the English language.