The book describes about the threats on the database.we provide descriptions and examples of how attacks of different type could be performed. we also present a methodology to prevent SQL injection attacks. It concentrate on the SQL queries and SQL Stored procedure where Input parameters are injected by the attacker.SQL injection refers to a class of code-injection attacks in which data provided by the user is included in an SQL query in such a way that part of the user's input is treated as SQL code.Even if the injected code is intercepted before execution, administrators are often presented with information that does not identify clearly the association between the commands that were attempted, the assets that were at risk, the threats that were imposed, and the countermeasures he/she has at disposal. To address these issues, a repository of SQL injection attacks that are classified in a semantic-aware, easy to comprehend model is needed.