HELP! Some of my pages hacked!

         

kenfused

5:36 pm on Sep 27, 2006 (gmt 0)




Hello,

On some pages on my site, I can't post the URL I guess I'm not allowed to...
but they are PHP and have a few scripts running on them.

When I run them I get immediately redirected to

Some "Turkish Cyber Army" page and it says my page was hacked.
This does not happen for all my pages... just a few.
HELP!

Tourz

5:45 pm on Sep 27, 2006 (gmt 0)




Try changing your FTP password to something less crackable.

kenfused

5:45 pm on Sep 27, 2006 (gmt 0)




Fixed it...
someone posted a SCRIPT into my mySQL Db..

How can I disallow particular characters from being posted into a submit form that gets sent into a mySQL DB?

rocknbil

6:47 pm on Sep 27, 2006 (gmt 0)




ken - this is a deep and important subject that requires immediate attention. First, Google for terms like "php security" "cleanse input," but by your last post the most important topic will be "sql injection" or "sql inject."

A dig through the php forums here will be helpful too.

Second, and this one's **real** important - don't think for a minute they are actually submitting your form. Examine this command:

curl -d [www,example.com...] 'customer=me&cc=4007000000027'

If this simple example is executed from the command line on a Linux box, basically curl will go to that URL as if it has submitted a form with the fields "customer" and "cc" and return the result.

The point here is a form processor does not have to be visited by your form and can be attacked from anywhere. There are hack programs that do this in an automated process. So don't waste your time on Javascript in your form to correct this, turn your attention to your scripts.

Lastly,

someone posted a SCRIPT into my mySQL Db..

Did this happen as a result of YOUR scripts or someone else's domain on your hosting server? If it came from some other domain on your host, find a new host, immediately, and do not think twice.
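
Added example (not part of any poster's message): one way to handle the problem discussed in this thread on the server side, where the form processor validates every request itself, stores values through bound parameters, and encodes them on output so a stored SCRIPT tag is shown as text instead of running. The table, column and function names are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline; with MySQL only the PDO DSN changes.

```php
<?php
// Added example: table, column and function names are hypothetical.
// SQLite in memory stands in for MySQL so this runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Validate on the server: the request may never have touched your form.
function validate_comment(array $post): array
{
    $author = trim((string)($post['author'] ?? ''));
    $body   = trim((string)($post['body'] ?? ''));
    if (!preg_match('/^[A-Za-z0-9 _.-]{1,40}$/', $author)) {
        throw new InvalidArgumentException('bad author');
    }
    if ($body === '' || strlen($body) > 2000) {
        throw new InvalidArgumentException('bad body');
    }
    return [$author, $body];
}

// Bound parameters keep the values out of the SQL text (no SQL injection).
function save_comment(PDO $db, array $post): void
{
    [$author, $body] = validate_comment($post);
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (?, ?)');
    $stmt->execute([$author, $body]);
}

// Encode on output so stored markup is displayed as text, not executed.
function render_comments(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT author, body FROM comments ORDER BY id') as $row) {
        $html .= '<p><b>' . htmlspecialchars($row['author'], ENT_QUOTES, 'UTF-8') . '</b>: '
               . htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8') . "</p>\n";
    }
    return $html;
}

// Constructed sample input, as if POSTed straight to the form processor.
save_comment($db, ['author' => 'ken', 'body' => "nice site'); DROP TABLE comments;--"]);
save_comment($db, ['author' => 'visitor', 'body' => '<script>alert(1)</script>']);
echo render_comments($db);
```

Both sample rows are stored and displayed literally; the approach does not depend on guessing which characters to disallow.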