SQL injection is a type of attack which the attacker adds Structured Query Language (SQL) code to a web form input box to gain access or make changes to data. SQL injection vulnerability allows an attacker to flow commands directly to a web application's underlying database and destroy functionality or confidentiality. Researchers have proposed different tools to detect and prevent this vulnerability. In this paper, the authors present SQL injection attack types and also current techniques which can detect or prevent these attacks. Finally, they evaluate these techniques.