Hi, we have ASP-MySQL (dating), and for 1 week a hacker-lamer has been attacking our MySQL and doing things to our database: adding gold memberships, creating memberships, etc. Our coder tried to modify some things in the code, but unfortunately we didn't understand where the "back door" is. We cannot do anything. If anybody can help me, I can give him a price for this help (not too much, but I can give some gifts). Please send me a PM; we will talk on MSN.
PM me with your site and I will take a look. I am no expert but I am decent. http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php will help as well.
You need to make sure all inputs are sanitized before being sent to the database. Consider using a web application firewall if you don't already have one in place on your server. Take a look at the Open Web Application Security Project (OWASP). They have an excellent explanation of what to do, with illustrations and code examples. hxxp://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
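As an added illustration of the advice in this thread (not code from any poster or from the site in question): the sketch below contrasts a profile update built by string concatenation with the same update using bound parameters. The `members` table, its columns and the sample values are assumptions, and in-memory SQLite stands in for MySQL so the example runs offline.

```python
import sqlite3

def make_db():
    # Hypothetical schema; in-memory SQLite stands in for the site's MySQL.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members "
               "(id INTEGER PRIMARY KEY, name TEXT, city TEXT, level TEXT)")
    db.execute("INSERT INTO members VALUES (1, 'alice', 'Izmir', 'free')")
    return db

def update_city_concat(db, member_id, city):
    # Vulnerable pattern: the form value becomes part of the SQL text,
    # so a quote in it can end the string and add SQL of its own.
    db.execute("UPDATE members SET city = '" + city +
               "' WHERE id = " + str(int(member_id)))

def update_city_param(db, member_id, city):
    # Hardened pattern: placeholders bind the value as data only.
    db.execute("UPDATE members SET city = ? WHERE id = ?",
               (city, int(member_id)))

def row_after(update_fn, city):
    # Apply one update to a fresh database and return (city, level).
    db = make_db()
    update_fn(db, 1, city)
    return db.execute(
        "SELECT city, level FROM members WHERE id = 1").fetchone()

# Constructed form value: a quote followed by an extra column assignment.
CRAFTED = "x', level = 'gold"

if __name__ == "__main__":
    # Concatenation lets the value rewrite the membership level.
    print("concat:", row_after(update_city_concat, CRAFTED))
    # Binding stores the whole value in the city column, level untouched.
    print("param: ", row_after(update_city_param, CRAFTED))
    # A legitimate apostrophe works with binding and breaks concatenation.
    print("param: ", row_after(update_city_param, "O'Fallon"))
    try:
        row_after(update_city_concat, "O'Fallon")
    except sqlite3.OperationalError as exc:
        print("concat error:", exc)
```

With bound parameters the driver never parses the value as SQL, so no per-field escaping is needed; every query in the application that takes user input has to be converted, because one remaining concatenated statement is enough.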