Hello!
It doesn't really sound nice to know about the sql injections, and I suppose you know about them because your website has been attacked at least once and some damage to it caused. Is it some open source or a custom platform? And what about the "direct access links", do you mean hot-linking from other websites? If you could give me some details about everything, that'd really be great, and I could properly evaluate the situation. As a first step, please send me the URL of your website, let me have a look on it.
Regards,
Dragos