Recently my site was hacked via SQL injection. The hacker used the following query to get my DB name. I cannot understand this query they wrote.
Query:
The query returned the database name using DATABASE(); it then converted this to a hex value using the HEX() function.
Once they had this, they could use the UNHEX function.
Have a look at the UNHEX examples:
mysql> SELECT UNHEX('4D7953514C');
-> 'MySQL'
mysql> SELECT 0x4D7953514C;
-> 'MySQL'
mysql> SELECT UNHEX(HEX('string'));
-> 'string'
mysql> SELECT HEX(UNHEX('1267'));
-> '1267'
It is good to know how they got in, but all in all, you need to fix up your code to avoid SQL Injection.
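For finding where such requests hit the site, the following added example (not part of the original answer) scans web access-log lines for the functions discussed above and decodes `0x...` literals the same way `UNHEX` does. The log lines, paths and parameter names are constructed, and the combined-log request format is an assumption.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines for illustration (not from the original post).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /item.php?id=12 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /item.php?id=12+and+HEX(DATABASE()) HTTP/1.1" 200 530',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /item.php?id=12%20and%20name%3D0x4D7953514C HTTP/1.1" 200 498',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /theme.php?color=0xFF00AA HTTP/1.1" 200 2048',
]

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_FUNCS = re.compile(r"\b(unhex|hex|database)\s*\(", re.I)
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-f]{2}){3,})\b", re.I)


def url_decode(value, rounds=3):
    """Decode repeatedly so double-encoded input (%2528 -> %28 -> '(') is seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(lines):
    """Return (line_number, sql_functions, decoded_hex_literals) per suspicious request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match or "?" not in match.group(1):
            continue
        query = url_decode(match.group(1).split("?", 1)[1])
        funcs = sorted({name.lower() for name in SQL_FUNCS.findall(query)})
        literals = []
        for digits in HEX_LITERAL.findall(query):
            raw = bytes.fromhex(digits)
            # Keep only literals that decode to readable ASCII, as 0x4D7953514C does.
            if all(32 <= byte < 127 for byte in raw):
                literals.append(raw.decode("ascii"))
        if funcs or literals:
            findings.append((number, funcs, literals))
    return findings


if __name__ == "__main__":
    for number, funcs, literals in scan(SAMPLE_LOG):
        print(f"line {number}: functions={funcs} decoded_literals={literals}")
```

A hit is a lead for manual review rather than proof of injection, since a legitimate search term can contain the same text.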