RiverLightDesign - 6:40 pm on Jun 3, 2008 (gmt 0)
Just got hit. To prevent further attacks I'm implementing some code in an include that checks the full querystring for the presence of SQL commands such as "select", "update", etc... characters that should not be present... I'm using regular expressions but simple instr() functions would work also. The key is to do these checks before any SQL commands are issued from your scripts, and, if triggered, to redirect the user to a simple 404 error page.
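
A sketch of the pre-query check this post describes, added here as an example and not the poster's code. It is written in Python for illustration; the keywords beyond "select" and "update", the bad-token set, and all function names are assumptions.

```python
import re
from urllib.parse import unquote_plus

# "select" and "update" come from the post; the other keywords are assumed.
SQL_KEYWORDS = ("select", "update", "insert", "delete", "drop",
                "union", "exec", "declare", "cast")
# Assumed set for the post's "characters that should not be present".
BAD_TOKENS = ("'", ";", "--")

# \b stops "selection" or "updated" from matching; IGNORECASE catches "SeLeCt".
KEYWORD_RE = re.compile(r"\b(" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)


def check_query_string(raw_query):
    """Return (status, reason): 404 when the filter trips, otherwise 200."""
    # The raw query string is percent-encoded, so decode before matching.
    decoded = unquote_plus(raw_query)
    match = KEYWORD_RE.search(decoded)
    if match:
        return 404, "keyword:" + match.group(1).lower()
    for token in BAD_TOKENS:
        if token in decoded:
            return 404, "char:" + token
    return 200, None


def handle_request(raw_query, run_query):
    """Gate placed ahead of all SQL: run_query is called only for clean input."""
    status, _reason = check_query_string(raw_query)
    if status != 200:
        return status, "Not Found"
    return 200, run_query(raw_query)


# Constructed sample query strings (not taken from any real log).
SAMPLES = [
    "id=42&page=2",                  # clean
    "id=42%20UNION%20SELECT%201",    # keyword after decoding
    "id=42%20%53ELECT%201",          # keyword hidden by percent-encoding
    "topic=selection&sort=updated",  # substrings only, passes
    "action=update&id=7",            # legitimate value, still blocked
    "name=O%27Brien",                # legitimate apostrophe, still blocked
]

if __name__ == "__main__":
    for qs in SAMPLES:
        print(qs, "->", check_query_string(qs))
```

The last two constructed samples show the filter rejecting legitimate input, and it inspects only the query string, so it works as a stopgap in front of parameterized queries rather than in place of them.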