This project provides a security scheme to protect MySql database, which can improve the security of MySql database and make it more suitable for the current network security environment. At present, serious data leakage incidents occur frequently, but small and medium-sized enterprises often lack sufficient technology and resources in the face of these attacks. The database dynamic security layer implemented in the project allows the database administrator to add the security layer between the application server and the database with few changes to the application server. This can hide the database behind a security layer to improve security. The project proposes a command structure called SQL request that requires database users to interact with the dynamic security layer in a strongly restrictive format. The low degree of freedom this command format has greatly reduces the likelihood that the security layer will be misled or spoofed. At the same time, the command structure of SQL requests does not affect normal database access instructions. In addition, the ACL, DACL, UEBA and Data Filter four SQL command filtering control functions provided by the security layer can respectively screen the SQL request for static rules, dynamic access control, analyze whether the behavior conforms to the previous rules and screen the SQL command return content. ACL screens SQL requests in a way similar to ACL list in network firewall. DACL introduces the concept of trust value on the basis of ACL to reject malicious requests without affecting regular access. The UEBA function uses user credentials, source IP address, destination table, SQL commands type and the influenced number of rows in the data table as keywords to learn user access rules. Make this function effective in analyzing user patterns while complying with GDPR. The Data Filter provides an additional layer of protection for the query functionality by filtering the contents of the table. The security layer itself contains a variety of security designs, and even if the security layer is attacked by the network, it is difficult to affect the MySql database located behind the security layer. The deployment of database dynamic security layer can greatly reduce the attack surface of the database and not affect the normal users of the database.