I had a weird occurance with a client's site last night. Someone ordered some products from the site and instead of writing one order to the database it wrote over all the old orders. I have nothing in the code that would allow this (I think). Is this likely to be an example of an SQL Injection attack? The database is an Access db. Is there any way of me finding out what happened? Would the log files show me this?