A method for preventing intrusions in a database system is provided. When the database system receives a request to execute a database command, the database command is parsed to generate parsed information. Before executing the database command, the parsed information is evaluated against a set of rules. If the parsed information satisfies the conditions associated with a rule, the database system performs an action associated with the rule. The action may be an action designed to prevent intrusions, and may be performed instead of or in addition to executing the database command.