Gene Expression Programming (GEP) is a technique that evolves populations of chromosomes in order to solve a user defined problem of detecting web applications attacks. Currently, SQL injection attacks are one of the top most threats for applications written for the Web. These attacks are launched by means of through specially crafted user input on web applications that use low level string operations to construct SQL queries. The objective of this paper is to transforms intrusion detection problem into classification problem by means of classifying SQL queries in terms of normal and malicious queries using decision tree algorithm and with intelligent agents. This proposed work consists of three phases, the training phase, the detection phase and Prevention phase. In all phases the intelligent agents play a major role for classifying the fitness values for the detection and prevention of SQL injection attacks. During the training phase, SQL queries are retrieved from the web applications and fitness value is calculated for all queries with intelligent agents. During detecting phase, fitness value is calculated and used to make decisions based on the comparison with maximum fitness values and in prevention phase the existing SQL attacks and new form of SQL attacks are prevented based on the calculated fitness value with intelligent agents. © EuroJournals Publishing, Inc. 2011.