Are you interested in only this particular type of a hacker attack? And don't care if your site got hacked using other types of attacks? ;-)
find all GET variables in the urls and replace them with "-1" or "(single quote)" if it's your site.. get someone to audit the script.. it's the best way of finding vulnerabilities..
Continually review your server logs. I have had great results by targeting traffic to specific geography, and blocking everything else. For example, if your site is meant for USA, block all other countries using .htaccess on Apache. Another idea is to start using a web application firewall like mod_security or dotdefender. Then you can make rule specific changes to block these types of attacks.
just check the POST variables with mysql_real_escape_str() in PHP. It will prevent injection attacks.
not mysql_real_escape_str(). It's mysql_real_escape_string() Check POST/GET/COOKIE/SESSION like -> mysql_real_escape_string($_POST['id'])
Will this work ? Is there any other method to find our the SQL injections ? Is this applicable to general sites with small data base also?
yes, but not just POST but also GET, cookies and anything you use in an sql query. Your entire code needs to be audited for security problems. Sql injections are not the only vulnerability that can affect you. Find a professional and let him do the job.
As pitagora say, there are hundreds of vulnerability types in web application. If you make money/reputation with your sites, you should make them secure.