With advancements in Internet technologies, there is an increasing growth of applications that are web based. With smaller software development cycles and faster delivery, security has become an important issue. There are many types of security attacks that are made on Web applications and SQL injection attack is one type of an attack. Recently, studies have shown that more and more web applications are getting attacked by different types of SQL injection attacks. To effectively detect and prevent these attacks, a deeper understanding on the different types of SQL injection attacks, the nature of the attacker, and the mechanism used is very important. This paper discusses details that one would need to understand all about SQL injection attacks. This paper presents a detailed study of most recent SQL injection attacks on web applications, SQL injection prevention and detection mechanisms. The classification of different types of SQL injection attacks, prevention and detection mechanisms discussed in this paper highlights the need for future improvements in the detection and prevention mechanisms to secure web applications from SQL injection attacks.