SQL injection is a technique where malicious users can inject SQL commands into an SQL statement through user input. It is among the most common application layer attack techniques used normally. SQL Injection is among topmost attack mechanisms used by malicious user to steal data from organizations. This is one of the types of attack which takes advantage of improper coding to inject SQL commands into form through user input to allow them to gain access to the data. Use of WCF service for avoiding SQL injection attack will implement combination of adaptive methods and tokenization method.