Advancement in technology has made many universities to adopt the system of storing students' results in online databases in both developed and developing countries for easy accessibility and to eliminate redundancy. However, these are subject to different types of attacks ranging from hardware to software attacks. In Federal University of Technology Akure (FUTA), Cyber Security department is not left out because attackers contribute a potential threat to the institution's information security. There are various methods attackers can use to carry out this malicious act, but this research considered SQL injection attacks. The researcher reviews related works, designs and implements student database applications for FUTA Cyber Security department. The research demonstrates how SQL injection can be used to change student grades and preventive measures to minimize SQL injection attacks, such as avoiding sharing database accounts using different sites or applications, regular updates of database software, regular update of security patches and passwords and regular scanning of web applications with a web vulnerability scanner.