TalkTalk attack: 'No legal obligation to encrypt customer bank details', says chief

Adam 1

Re: encryption doesn't help?

> I was staggered to hear that this is apparently a SQL injection attack.

Er, you may not want to check out the OWASP top 10.

The worst part of most* SQL injection attacks is that you can use Google to find web pages that are built with frameworks that don't support parameterised queries. Once you find one, there are programs that automate the data extract.

* OK, I can't prove this represents most, but it is tremendously easy to find and there are a lot of them.

