SQL injection refers to an injection attack wherein an attacker can execute malicious SQL statements that control a web application's database server. Since an SQL injection vulnerability could possibly affect any website or web application that makes use of an SQL-based database. SQL injection can provide an attacker with unauthorized access to sensitive data including, customer data, personally identifiable information, trade secrets, intellectual property and other sensitive information. "A method to detect and prevent SQL injection attack" book helps the researchers, academicians and students that how to detect and prevent attack in database.In this book, the SQL injection attack is prevented by classifying users as ethical and unethical by comparing static and dynamic analysis the SQL injection attack will be detected. In static analysis the DFA structure of the query at compile time will be analyzed where as in dynamic DFA structure of the query at run time is analyzed