  • Conference paper

A Discussion of SQL Injection Examples and Applicable Prevention Methods

SQL Injection Example Discussion and Preventing Methods

Abstract


Databases are a very important link in modern information processing. Whether it is a commercial company's customer and product information, the government's household registration and conscription data and education statistics, or looking up web pages with a search engine, online dictionaries and so on: wherever large amounts of data are processed, databases are indispensable. Besides internal information processing, databases are also frequently used when data is provided for querying or modification. For example, for an online forum to let members set passwords, avatars and the like, it must provide a form through which users can upload information. Today the most common way for programs to query and modify a database is the Structured Query Language (hereafter SQL). When programming, we organize the user's input and then use SQL to issue commands to the database in order to obtain the required information. Although SQL is convenient, its overly powerful features also create danger when it is misused; SQL Injection is one such case. Imagine the consequences if the database of the college entrance examination or a teacher recruitment exam were tampered with; it is enough to make one break out in a cold sweat. This paper analyzes common SQL Injection techniques and proposes feasible prevention methods. Finally, it offers overall recommendations regarding the SQL Injection mechanism.

Abstract (English)


Databases are an important part of modern information processing. We need databases to deal with information about customers, goods, household data and education statistics, and even search engines use them to find varied information. It can be said that we cannot process large amounts of data without the use of a database. In addition to internal information processing, databases can also be used to search or modify data. For example, an online forum that allows members to set passwords or portraits needs a form to upload data. When querying and modifying a database, the most common method is SQL. We often organize the user's input and then compose the SQL command to get the target data. SQL is powerful, but its features also create the danger of misuse; SQL Injection is one of them. Just imagine if someone tampered with the database of the College Entrance Examination or the teacher admission test, how serious it would be! This paper analyzes common SQL Injection tactics and possible solutions. In the end, this paper offers an overall viewpoint on preventing the misuse of SQL Injection.

Keywords (English)

SQL Injection; database security

Cited by


詹益璋 (2012). A Study of Campus Web Application Security: A Case Study of Tamkang University [Master's thesis, Tamkang University]. Airiti Library. https://doi.org/10.6846/TKU.2012.01079
