I found some interesting articles about this hacker attack using SQL injection and I’m aggregating them here. I got this custom tag from “Por que CF” (Why CF) written by Pedro Claudio (CF-Brasil), and here is its usage:
<cf_DisableSQLInjection> - Block and log the results
<cf_DisableSQLInjection mailto="e-mail,e-mail,e-mail,e-mail"> - Block, log and send e-mail
<cf_DisableSQLInjection mailto="e-mail,e-mail,e-mail,e-mail" mailfrom="mail"> - Block, log and send e-mail
<cf_DisableSQLInjection mailto="e-mail" mailfrom="mail" title="Erro 404"> - Block, log, and send e-mail with a title
<cf_DisableSQLInjection mailto="e-mail" mailfrom="mail" title="Erro 404" message="<h3>Erro 404 – page not found</h3>"> - Block, log, send a message with title and HTML message
Download the custom tag here.
There is another excellent article with examples by Devit!.