The insert and update code does have SQL injection prevention included, and you would be the first to report a hole. Most likely the SQL injection attacks are coming from somewhere else, but someone would have to review your web site to determine where they could potentially occur. What version of Dreamweaver are you using?