SQL injection is an attack in which malicious code is inserted into strings, which are later, passed to the database server for parsing and execution. This attack can be applied to any page which accepts user input to capture data or query parameters to dynamically render the content on the web page. We tried to implement multi layer architecture to prevent SQL injection attack. At each layer we will assign different roles and responsibilities.