Abstract: Web applications are used by many users.web applications are consist of web forms, web server and backend. These applications are vulnerable due to attacks and scripts as the number of web application users are increasing. Web application can have sensitive and confidential data which is stored in database.web applications accepts the data from the users. This data is retrieved from the database through the queries.SQL Injection attack is one of the most popular attack used in system hacking or cracking. Using SQL INJECTION ATTACK attacker can gain information or have unauthorized access to the system. When attacker gains control over web application maximum damage is caused. This paper illustrates SQLIA methods and prevention and detection tools.