Ulimate survey advanced V7.1 SQL injection Attack

We are using Ulimate survey advanced V7.1. It is running on a web server and the backend SQL server 2005 database was running on a different server. We had SQL injection attack from some hacker. They were able to update most of the tables with redirect to some Russian website and that link was trying to download a Trojan virus on to the client machine when people try to access our website.

I had to restore the database from my old backup. As of now i removed the database write permission so the database. Now i give write permission i will be hacked again and if i don't give write permission the application is useless.

Please help us. Please harden your code/SQL and handle application security in a better way, so that you customers will not be effected by SQL injection and other attacks.

[administrator]

We have not had SQL injection attacks reported previously, so it would be beneficial to us to have more information. Could you tell me what specific tables and fields were attacked? Once we have this information we may be able to provide suggestions or a solution to the issue.

Almost all the records in the database were altered.........

[administrator]

Were there any tables left untouched? If so, please tell me specifically which ones.