How to clean up a PHP injection attack?

AliOki

New member
This happened after my host moved to a new server. I've already asked this, but I'm not getting any responses, so I'm trying again.

When I go to "View Source" I can see the malicious code. When I open the files in FTP, nothing is there.

Is this something that needs to be done by the web host (server access can give some handy Linux commands to search for and remove the bad code by searching through all the .php ext files),

or is there something I can do?

Thanks
 
Let's say you input a field, and the value is $value. You can't just use this field as a string like this:

"DELETE FROM someFile WHERE someField='$value'"

An injection attack may have a quote in the value, followed by malicious code. Names may be "O'Connor", which will also mess you up. You need to use the string replacement function to replace a single quote with two single quotes.
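The DELETE statement from the reply above, worked through as an added example that is not part of the original thread. It compares the pasted-in value, the quote doubling the reply describes, and a bound parameter. The `members` table, its `name` column, the function names and both sample inputs are constructed, and an in-memory SQLite database (via PDO) stands in for whatever database the site uses.

```php
<?php
// Added example, not from the thread. Table, column and inputs are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

function seed(PDO $db): void {
    $db->exec("DROP TABLE IF EXISTS members");
    $db->exec("CREATE TABLE members (name TEXT)");
    $ins = $db->prepare("INSERT INTO members (name) VALUES (?)");
    foreach (["O'Connor", "Smith", "Jones"] as $n) {
        $ins->execute([$n]);
    }
}

function remaining(PDO $db): int {
    return (int) $db->query("SELECT COUNT(*) FROM members")->fetchColumn();
}

// 1. Value pasted straight into the SQL string, as in the reply's statement.
function deleteConcat(PDO $db, string $value): void {
    $db->exec("DELETE FROM members WHERE name='$value'");
}

// 2. The reply's fix: replace each single quote with two before pasting.
function deleteDoubled(PDO $db, string $value): void {
    $escaped = str_replace("'", "''", $value);
    $db->exec("DELETE FROM members WHERE name='$escaped'");
}

// 3. Prepared statement: the value is bound and never parsed as SQL.
function deletePrepared(PDO $db, string $value): void {
    $stmt = $db->prepare("DELETE FROM members WHERE name = ?");
    $stmt->execute([$value]);
}

$inputs = ["O'Connor", "x' OR '1'='1"];  // constructed sample inputs
foreach (['deleteConcat', 'deleteDoubled', 'deletePrepared'] as $fn) {
    foreach ($inputs as $value) {
        seed($db);  // start every run from the same three rows
        try {
            $fn($db, $value);
            $result = remaining($db) . " of 3 rows left";
        } catch (PDOException $e) {
            $result = "SQL error";
        }
        printf("%-15s %-16s %s\n", $fn, $value, $result);
    }
}
```

Quote doubling is sufficient for SQLite's standard string literals, but a database that also treats backslash as an escape character inside strings needs more than that, so the bound-parameter form is the one to rely on.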
 