I am trying to help out my church’s website - they have been getting hacked by some clown over the past few days saying ‘islam is the only true religion’. Can anyone provide me with any help or tools or anything to figure out how to plug up any security holes?
Well, without seeing the code for the page that gets hacked, not much suggesting we can offer…
are you sure it is an sql injection exploit?
maybe the
“clown”
has a away onto the webserver.
some code or a link would be nice 
Please provide the code of the page or web server logs. so we can point you to the right direction.
Are you using mysql_escape_real_string to ensure it removes any potential threats to your database?