You should use SSL on your server to ensure that communications between browser and server are encrypted and reduce the chances of sniffing attacks.
Second of all, you should ensure that your application doesn't throw any errors to the browser that may demonstrate the underlying technology (i.e. database, or programming in use)...and that errors are logged and perhaps emailed so that you are aware of errors as they occur.
Finally, you should always check all input and verify that...1) the data is in the correct data type (i.e. if you're expecting positive numbers, then only accept positive numbers), and 2) you should ensure that any characters such as >, <, =, !=...etc are probably escaped and perhaps even disallowed.
I would also consider changing the database connection string so that it is not the same one you've used before...in case the hacker is keeping storage of any previously found weaknesses.
I would also recommend that you use XSS and SQL scanners. There are loads of free ones on the net...here is a link that lists quite a number of SQL and XSS utilities.
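
An added example, not part of the original answer: a Python sketch of the error-handling and input-checking advice above, where a request handler accepts only positive integers, escapes stored text before it goes into HTML, and logs database errors server-side while the browser sees only a generic message. The `comments` table, the function names and the use of `sqlite3` as a stand-in database are assumptions made for illustration.

```python
import html
import logging
import sqlite3
import uuid

log = logging.getLogger("app")
GENERIC_ERROR = "Something went wrong. Reference: {ref}"


def parse_positive_int(raw):
    """Accept only a short run of ASCII digits that is greater than zero."""
    if not isinstance(raw, str) or not raw.isascii() or not raw.isdigit():
        raise ValueError("not a positive integer")
    if len(raw) > 9:
        raise ValueError("value too long")
    value = int(raw)
    if value <= 0:
        raise ValueError("not a positive integer")
    return value


def render_comment(text):
    """Escape <, >, & and quotes before the text is placed in HTML."""
    return "<p>" + html.escape(text, quote=True) + "</p>"


def handle_request(conn, raw_id):
    """Return (status, body); internal details go to the log, never the body."""
    try:
        item_id = parse_positive_int(raw_id)
    except ValueError:
        return 400, "Invalid id."
    try:
        # Bound parameter: the value is never spliced into the SQL text.
        row = conn.execute(
            "SELECT body FROM comments WHERE id = ?", (item_id,)
        ).fetchone()
    except sqlite3.Error:
        ref = uuid.uuid4().hex[:8]
        # The full traceback (table names, driver, SQL) stays server-side.
        log.exception("query failed ref=%s", ref)
        return 500, GENERIC_ERROR.format(ref=ref)
    if row is None:
        return 404, "Not found."
    return 200, render_comment(row[0])
```

The reference id in the generic message lets a support request be matched to the logged traceback without exposing the database or language to the browser.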