We were recently the target of an SQL injection, so I am trying to
determine if they were successful. I have recovered the SQL commands
from mysqld.log, but the code has me stumped.

INSERT INTO queries (file,id) VALUES ('labs.php','4 OR 0 IN (SELECT TOP 1
CHAR(60)+CHAR(112)+CHAR(102)+CHAR(111)+CHAR(110)+C HAR(107)+
CHAR(110)+CHAR(112)+CHAR(112)+CHAR(62)+COALESCE(CA ST(0 AS
VARCHAR(8000)),SPACE(0))+CHAR(60)+CHAR(122)+CHAR(1 08)+
CHAR(105)+CHAR(99)+CHAR(110)+CHAR(113)+CHAR(97)+CH AR(116)+CHAR(62))
OR 0 IN (SELECT CHAR(60)+CHAR(120)+CHAR(111)+CHAR(112)+CHAR(107)+
CHAR(110)+CHAR(97)+CHAR(106)+CHAR(117)+CHAR(62))--')

Can anyone explain what this was intended to accomplish? I understand
the basic trick is in the "OR 0" disjunction, but I do not understand
what this would actually do if successful.

The above example gives a syntax error when I try it, but several
different attacks were done on different applications, and I have not
yet looked at all of them.

Thanks,
Fletcher

P.S. Is there a better place to ask this question?