One more question in the meantime - how can I get all the tables/fields with nvarchar type more than 100 characters? I'm thinking that nvarchar fields are causing our problems and we may need to use varchar instead.

Thanks in advance.

>>Hi,
>>
>>if you want to prevent HTML Cross-Site Scripting (XSS) read this:
>> Great link
>>
>>the database is not the right place for such countermeasures imho.
>>
>>Regards
>>Christian
>
>The question now is - how to deal with after attack problem?
>
>We did implement some measures already but not yet everything that needs to be done. We have another attack today. I'm cleaning the database again, but how exactly should we know what has to be cleaned?
>
>That's the main question now. In other words -dealing with the attack.