I couldn't see any SQL Injection holes in these files. Can I see your copy of:
/webassist/database_management/wa_appbuilder_php.php
I'll make sure it is up to date and doesn't have any security holes in it.
Did you get information with a sample url or something that exposes the SQL Injection hole? Your files seem to have a lot of hand code. A single line of code on a single page can open a security hole, so it could just be on another page in the site.