Ok, the latest state of sql injection attacks have been a nightmare. We got hacked again, but this time, with a insertion at the url level. These are a little easier to track. In the server logs, we found the following code in different formats.

Code was messing up my layout.  check out the text file here.

So look through your server logs for this code in the url with a GET statement. Have your coder or web programmer disallow all all of the elements being used in the statement.