Have you any scripts that can be hijacked?

Or any admin panels that are easily accesible?

I'm not very familiar with asp, I just tried to see throght ftp if any files were recently changed (date) none were that I could find. I dont know where to start looking on my site file to see how he got in.

your hosting company should be able to guide you on this

do you know what scripts you are using php? asp?.....is it possible the hosting company could have been hacked?

my host sent me an email today, they said it was a SQL injection attack so i have to find out how to stop it from happening again.

Somewhere you have information being read or written to your SQL Server database that you might be using to interact with the web interface.
(e.g. via forms or logins to forums)

Check the SQL syntax in your ASP pages. The best would be to convert any SQL statements to stored procs so that hackers cannot introduce further SQL statements to compromise security.

Hope this helps

[4guysfromrolla.com...]

a recent thread in this forum on avoiding SQL injection attacks [webmasterworld.com] has several links to MSDN documents on the subject.

if you do the asp scripting yourself i would advise that you write something to protect youself by blocking the ' for starters. I wrote one that blocked everything apart from numeric / alpha and + & = and space. Thus being very strict.