The following are the countermeasures against database attacks:

* Input Sanitization: The Database Administrator must sanitize any input received from a user. The data submitted should be checked for data type (integer, string, and so on) and stripped of any undesirable characters, such as meta-characters.
* Adherence to strong firewall rules: Be sure to check firewall rules from time to time and always block any database access ports, such as TCP and UDP 1434 (MS SQL) and TCP 1521-1530 (Oracle).
* Modification of error reports: To avoid a SQL injection, the developer should handle or configure error reports in such a way that the error is not visible to outside users. In these error reports, a full query is sometimes shown, pointing to the syntax error involved, and the attacker could use it for further attacks. A display of errors should be restricted only to internal users.
* Stored procedure removal: Be sure to remove all stored procedures (including extended stored procedures) from the entire database. These seemingly innocent scripts can help an attacker topple even the most secure databases.
* Session encryption: When a database server is separate from a Web server, be sure to encrypt the session stream using any method, such as using IPSec native to Windows 2000.
* Least privilege: The default system account (sa) for SQL Server 2000 should never be used.
* Escape quotes: Replace all single quotes with two single quotes.

Explore More

Web threats to surpass e-mail pests

E-mail has traditionally been the top means of attack, with messages laden with Trojan horses and other malicious programs hitting inboxes. But the balance is about to tip as cybercrooks

Infection via HTML

Edit the code on what and how you need it, and yes this is detectable  in many cases, but you could insert a small FUD downloader to be  downloaded via

Yahoo Hack Leaks 453,000 Voice Passwords

Yahoo Voices users: Change your Yahoo password immediately. A hacker or hacking group that bills itself as “DD3Ds Company” Thursday leaked what it said were plaintext passwords for 453,492 Yahoo