GoDaddy websiteprotection scan alert
My site is hosted on GoDaddy and the websiteprotection service they offer alerted me to several apparent SQL syntax errors that could lead to injection attacks. I've tried several searches here for pertinent info, but have not found anything to help, so sorry in advance if I have missed something obvious. I've attached the report that the website scanner generated.
I would like to know what changes to the code are necessary to make the site more secure.
Here is the code I think it is referencing:
<div class="cartwrapper">
<div class="atcdiv">
<form name="eCart1_1_ATC_3" method="POST" action="/testinfo.php?testid=3" >
<input type="hidden" name="eCart1_1_ID_Add" value="3" >
<input type="text" name="eCart1_1_Quantity_Add" value="1" size="4" >
<input type="submit" class="eC_FormButton" value="Add to Cart" name="eCart1_1_ATC">
</form>
</div>
<div class="vcdiv">
<form name="eCart1_View_form_1" method="POST" action="/testinfo.php?testid=3">
<input name="eCart1_View_1" type="button" class="eC_FormButton" onClick="MM_goToURL('plugins/parent','eCart/')" value="View Cart">
</form>
</div>
</div>
More info:
Also, my database tables that contain username, usermail and usermessage (I have a WebAssist contact form) are getting spammed with things such as <script>alert(42);</script> (which is code that I recognize from the alert I have attached).
I should say that the input form is not on the page that contains the eCart buttons. Hope any of this info is helping...
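
An added example, not part of the original post and not the site's own code: one way to handle the `testid` parameter and the contact-form fields so that scanner input causes neither SQL errors nor script execution. It assumes PHP with PDO; the `tests` and `contact` table names, the in-memory SQLite database and the sample inputs are constructed for illustration, while the column names come from the post.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the real one (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tests (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec('CREATE TABLE contact (username TEXT, usermail TEXT, usermessage TEXT)');
$pdo->exec("INSERT INTO tests VALUES (3, 'Sample test')");

// testid must be a positive integer; anything else is rejected before any SQL runs.
function parseTestId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// The value is bound as a parameter, never concatenated into the SQL string.
function findTest(PDO $pdo, $rawId): ?array
{
    $id = parseTestId($rawId);
    if ($id === null) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, title FROM tests WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Contact form: reject a malformed address, store the rest with bound parameters.
function saveMessage(PDO $pdo, string $name, string $mail, string $msg): bool
{
    if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $stmt = $pdo->prepare('INSERT INTO contact (username, usermail, usermessage) VALUES (?, ?, ?)');
    return $stmt->execute([$name, $mail, $msg]);
}

// Encode on output so stored markup is displayed as text instead of running.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: a valid id, an id with a stray quote, and a script-tag name.
var_dump(findTest($pdo, '3'), findTest($pdo, "3'"));
saveMessage($pdo, '<script>alert(42);</script>', 'a@example.com', 'hi');
echo e($pdo->query('SELECT username FROM contact')->fetchColumn()), PHP_EOL;
```

Bound parameters address the SQL errors the scanner triggered; the script tags in the contact tables are a separate issue that is handled by encoding every stored field at the point it is written into a page.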