Novus - 2:44 pm on Jun 13, 2011 (gmt 0)
I tend to agree unfortunately I cannot find any paperwork other than the invoice for the original site build. (this was build in 2008) way before my time here.
From the moral standpoint? Successful SQL injections are the fault of the developers. Good code is not vulnerable to web-based SQL injections.
Contemplating moving the site & database away from the current developer/host to another developer, although I expect that will cost more then just the fee to fix it?