GoDaddy websiteprotection scan alert
My site is hosted on GoDaddy and the websiteprotection service they offer alerted me to several apparent SQL syntax errors that could lead to injection attacks. I've tried several searches here for pertinent info, but have not found anything to help, so sorry in advance if I have missed something obvious. I've attached the report that the website scanner generated.
I would like to know what changes to the code are necessary to make the site more secure.
Here is the code I think it is referencing:
<form name="eCart1_1_ATC_3" method="POST" action="/testinfo.php?testid=3" >
<input type="hidden" name="eCart1_1_ID_Add" value="3" >
<input type="text" name="eCart1_1_Quantity_Add" value="1" size="4" >
<input type="submit" class="eC_FormButton" value="Add to Cart" name="eCart1_1_ATC">
</form>
<form name="eCart1_View_form_1" method="POST" action="/testinfo.php?testid=3">
<input name="eCart1_View_1" type="button" class="eC_FormButton" onClick="MM_goToURL('plugins/parent','eCart/')" value="View Cart">
</form>
Also, my database tables that contain username, usermail and usermessage (I have a WebAssist contact form) are getting spammed with things such as <script>alert(42);</script> (which is code that I recognize from the alert I have attached).
I should say that the input form is not on the page that contains the eCart buttons. Hope any of this info is helping...
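
An added example, not part of the original post and not WebAssist's or GoDaddy's code: server-side handling for the fields named above, with integer validation for testid and the eCart fields, a bound-parameter insert for the contact form, and HTML encoding when a stored message is displayed. The table name `contact`, the helper names `positive_int`, `save_message` and `h`, and the in-memory SQLite database are assumptions standing in for the site's real schema and database.

```php
<?php
// Added example, not the poster's code. Field names (testid, eCart1_1_ID_Add,
// eCart1_1_Quantity_Add, username, usermail, usermessage) come from the post;
// the table name and helper names are hypothetical.

// Accept only a positive integer in a sane range; anything else yields null.
function positive_int($value, int $max = 100000): ?int {
    $opts = ['options' => ['min_range' => 1, 'max_range' => $max]];
    $n = filter_var($value, FILTER_VALIDATE_INT, $opts);
    return $n === false ? null : $n;
}

// Store the contact message with bound parameters, never string concatenation.
function save_message(PDO $db, string $name, string $mail, string $msg): bool {
    if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $stmt = $db->prepare(
        'INSERT INTO contact (username, usermail, usermessage) VALUES (?, ?, ?)'
    );
    return $stmt->execute([$name, $mail, $msg]);
}

// Encode on output so stored markup is shown as text instead of being run.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo: in-memory SQLite stands in for the site's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contact (username TEXT, usermail TEXT, usermessage TEXT)');

// Constructed request values: one malformed id, one valid quantity, one malformed testid.
$post = ['eCart1_1_ID_Add' => "3'", 'eCart1_1_Quantity_Add' => '2'];
$get  = ['testid' => '3 abc'];

var_dump(positive_int($post['eCart1_1_ID_Add']));       // malformed id
var_dump(positive_int($post['eCart1_1_Quantity_Add'])); // well-formed quantity
var_dump(positive_int($get['testid']));                 // malformed testid

// The string from the post is stored verbatim and encoded only when displayed.
save_message($db, 'tester', 'tester@example.com', '<script>alert(42);</script>');
foreach ($db->query('SELECT usermessage FROM contact') as $row) {
    echo h($row['usermessage']), "\n";
}
```

In testinfo.php the same pattern applies to any query that uses testid or the cart fields: reject the request when `positive_int` returns null, and pass the validated value as a bound parameter.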