Novus - 2:44 pm on Jun 13, 2011 (gmt 0)

From the moral standpoint? Successful SQL injections are the fault of the developers. Good code is not vulnerable to web-based SQL injections.

I tend to agree unfortunately I cannot find any paperwork other than the invoice for the original site build. (this was build in 2008) way before my time here.

Contemplating moving the site & database away from the current developer/host to another developer, although I expect that will cost more then just the fee to fix it?