With the wide use of Web application in recent years, its security has seriously affected the experience of relevant users. In particular, the SQL injection vulnerability attack is the most commonly used technique in attacking Web applications. In this study, a chopping-based method is proposed to detect the second-order SQL injection. Firstly, the static analysis based on chopping had been used to find the suspected first-order SQL injection paths. Secondly, the SQL statements in those suspected paths should be used to get the second-order operation pairs, which had been used to get the suspected second-order SQL injection paths. Finally, the attack vector is constructed to confirm the existence of the vulnerabilities which are hiding in Web applications. The experimental results show that the method we propose in this study can effectively detect the second-order SQL injection vulnerabilities thus prevent Web applications from SQL injection attack.