Why has "1<ScRiPt >prompt(912" appeared in my MySQL database? Am I being hacked?

This has recently appeared in some of the rows in my database:

1<ScRiPt >prompt(912

1<ScRiPt >prompt(922

1&开发者_JS百科lt;ScRiPt >prompt(960

I've recently discovered that magic_quotes is off, and the mysql_real_escape_atring function is not being used. This is in the process of being updated.

I've never seen prompt appear in any DB before, so I'm wondering if anyone knows what it could be?

Yes it, looks like someone is trying to inject some javascript into your database. It appears they have failed, possibly due to a quote mark being escaped and finishing your sql update.

It shouldn't be a problem with magic quotes, since they are now deprecated and you should be using mysql_real_escape_string instead: http://www.php.net/manual/en/security.magicquotes.php