Abstract
SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.SQL injection is a trick to SQL query or command as an input possibly via the web pages. They occur when data provided by user is not properly validates and is included directly in a SQL query. By leveraging these vulnerabilities, an attacker can submit SQL commands directly access to the database. In this paper we present all SQL injection attack types and also different technique and tools which can detect or prevent these attacks .Finally we assessed addressing all SQL injection attacks type among current technique and tools.