SQL injection is one of the security abuse in which the person makes use of SQL in other words Structured Query Language in a web form in order to have access to data and thereby make changes to the data. That is on a web application the user has to be validated with username and password and only if it matches they must gain access to the database. This is the main security action that has to be followed in web application for database security. Apart from this major security measure there is no main measure for security of database which makes it easier for people to unauthorized access to the entire database. In fact the SQL injection has increased in number because of the use of automated tools. Thus SQL injection is improper access to database which causes security abuse due to user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.