SQL Injection attacks pose a very serious security threat to Web applications and web servers. They allow attackers to obtain unrestricted access to the databases underlying the applications and to the potentially sensitive and important information these databases contain. Although researchers and security professionals have proposed various methods to address the SQL injection problem but current approaches either fail to address the full scope of the problem or have limitations that prevent their use and adoption. Many researchers and security professionals are familiar with only a subset of the wide range of techniques available to attackers who are trying to take advantage of SQL injection vulnerabilities. As a result, many solutions proposed in the literature address only some of the issues related to SQL injection. To address this problem, we are presenting an extensive review of the different types of SQL injection attacks known to date. Also for each type of attack, we provide descriptions and examples of how attacks of that type could be performed. We also presented and analyze existing detection and prevention techniques against SQL injection attacks. Keywords:SQL injection attack, SQL queries, web application, DBMS, taxonomy, web application.