Some people on the internet are jerks.  They like to write scripts that roam the interblog, trying to muck with people's sites for their own gain.  A common tactic is SQL injection, and it can suck out loud if you get hit with it. 

Over the last week and a half, I've been attacked 5 times by the same malicious code which tries to use SQL injection to modify my database.

Wait, what is SQL injection? Basically, it's when someone takes an "in" to a query you're already running and adds their own SQL to it, so that an additional SQL command executes on your database. So for example, let's say you have a query that runs based on a URL parameter, like this: http://css-imagine.com/gallery.cfm?siteID=12. With this method, my page checks whether the URL parameter "siteID" exists, and if it does, it runs a query that looks for and retrieves the information matching the value of the argument "siteID" (here, it's '12').

What SQL injection would try to do with this, then, is to add some additional SQL to the end of my query string, hoping to find a hole to exploit and execute its own commands.
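The difference between pasting "siteID" into the query text and passing it as a bound value, as an added example that is not code from the original post. It uses Python and an in-memory SQLite database as a stand-in for the page's ColdFusion query; the `sites` table, the function names and the tampered URL are constructed for illustration.

```python
import re
import sqlite3
from urllib.parse import urlparse, parse_qs

# Constructed sample requests: a normal one, and one with extra SQL appended.
NORMAL_URL = "http://css-imagine.com/gallery.cfm?siteID=12"
TAMPERED_URL = "http://css-imagine.com/gallery.cfm?siteID=12%20OR%201%3D1"

def make_db():
    """Build a throwaway gallery table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sites (siteID INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO sites VALUES (?, ?)",
                   [(11, "Alpha"), (12, "Beta"), (13, "Gamma")])
    return db

def site_id_from(url):
    """Return the decoded siteID parameter, or None if it is absent."""
    return parse_qs(urlparse(url).query).get("siteID", [None])[0]

def lookup_concatenated(db, url):
    """Vulnerable pattern: the parameter text becomes part of the SQL itself."""
    raw = site_id_from(url)
    if raw is None:
        return []
    return db.execute("SELECT title FROM sites WHERE siteID = " + raw).fetchall()

def lookup_bound(db, url):
    """Hardened pattern: validate the type, then bind the value as data."""
    raw = site_id_from(url)
    if raw is None or not re.fullmatch(r"[0-9]+", raw):
        return []  # not a plain integer: never reaches the database
    return db.execute("SELECT title FROM sites WHERE siteID = ?",
                      (int(raw),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for url in (NORMAL_URL, TAMPERED_URL):
        print(url)
        print("  concatenated:", lookup_concatenated(db, url))
        print("  bound:       ", lookup_bound(db, url))
```

With the tampered URL, the concatenated query returns every row because the appended text is parsed as SQL, while the bound version returns nothing.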

So how do