SQL injection attack is one of the sinister ways for malicious usrs to exploit and break into your website. This kind of attack results from careless coding and allowing users to input characters such as colon “‘” into their input string, which are then used to extract certain information from the database.

You are at particular risk if you are using a script aquired from somewhere else (forums, commercial scripts). Since you probably cannot plug ALL the vulnerabilities, do consider doing frequent backups to at least recover from such disasters. After that, you have to dive into the log files to see what the attacker did, and fix the holes accordingly.

Moral: stay away from unknown scripts, and with popular scrips such as forums (phpbb), apply all the latest security patches.

Protect Your Site By Learning How To Hack it is a good starting point for research on sql injection and other website vulnerabilities.