SQL injection can be defined as the technique where hacker executes malicious SQL queries on the database server through a web application to either gain access over the sensitive information or on the database. This is the web based vulnerability which allows attacker to spoof the identity, destroys the data present on the system and changes the records present on the database. The main consequences of SQL injection includes loss of confidentiality, authentication as the attacker without providing the authentic user name and password could successfully obtain access over the network by manipulating the logic of SQL command, loss of authorization as attacker leaks complete information present on the system and the lack of integrity as hacker obtain access on the database information and other sensitive information. In this paper we broadly focuses on the SQL injection, its associated threats, attacks, types, step by step method used by the attacker to implement SQL injection, SQL injection queries and its prevention.