well what we got is php pages that include a file called, includes.php inside this it then includes the database connect file, now someone made a page else where on their server and included ourdomain.com/includes/database.php as an example this allowed them to fill our database with anything they wanted
how can i stop this ?