SQL injection attack is a major threat to web application security. It has been rated as one of the most dangerous vulnerabilities for a web-based application. Based on the Open Web Application Security Project (OWASP), it is measured as one of the top ten.  Many types of research have been made to face this attack either by preventing the threat or at least detecting it. We aim in this paper to give an overview of the SQL injection (SQLI) attack and classify these attacks and prevention and detection tools. We introduce the most current techniques and tools that are used to prevent and detect SQLI and highlight their strengths and weaknesses.