SQLIA TYPES AND TECHNIQUES - A SYSTEMATIC ANALYSIS OF EFFECTIVE PERFORMANCE METRICS FOR SQL INJECTION VULNERABILITY MITIGATION TECHNIQUES
Abstract
According to the Open Web Application Security Project (OWASP), an online community that produces well-researched reports in the field of web application security, Structured Query Language (SQL) injection remains among the top three most common input vulnerabilities in applications, due to the progression from static to dynamic web pages, which has led to increased database use in web applications. SQL injection vulnerabilities are prevalent in web and mobile applications because of common unsafe coding practices. A successful SQL injection attack poses a significant risk to the database, application, and web server as a whole. In this article, the authors examine approaches for preventing SQL injection attacks and categorize SQL injection attacks based on the methods used to exploit SQL vulnerabilities. In terms of preventing all forms of SQL injection attacks, the discussed approach appears to be acceptable. This review paper presents a systematic review of the mitigation steps, which include reconnaissance, enumeration, and extraction of data. Also discussed are types of injection attacks, some alternative procedures for mitigating SQL attacks, and performance metrics for measuring the effectiveness of SQL injection mitigation techniques.
