Abstract: When data is uploaded from any means of data communication, data may be leaked or attacked. Cross-site scripting (XSS) attacks are the most vulnerable types of attack found now days. It empowers aggressors to infuse customer side script into Web pages saw by different clients. By the help of this type of injection you can control the page by inserting, updating and modifying the data. SQL Injection attacks are easily possible in PHP, JSP and ASP interfaces. It is so because of the older function interface. In case of Java/J2EE and ASP. Net interface it is not so easy because of the programmable interfaces. The main hassles due to the attacks are: Confidentiality, Authentication, Authorization and Integration. If the website is data driven, SQL Injection attacks are easy to employ. So due to the above characteristics controlling the attacks parameters are essential. Our paper main aim is to prevent and detect different types of attack. So for this means analysis and study has been presented.