Tools for decoding SQL injection attempts, locating vulnerabilities

I would like to decode their hex requests, what tools would I need?

Also- are there good automated pen-test tools to explore possible vulnerabilities in my code? I assume these exist as the requests I received were too rapid to be manual.

Sample request:

action=999999.9)+%2f**%2fuNiOn%2f**%2faLl+%2f**%2fsElEcT+0x393133353134353632312e39,0x393133353134353632322e39,0x393133353134353632332e39,0x393133353134353632342e39,0x393133353134353632352e39,0x393133353134353632362e39,0x39313335313

Solution

Tools include:

WebScarab
Paros Proxy
sqlmap
BSQL Hacker

Articles:

Top 15 free SQL Injection Scanners
Comparing SQL Injection Detection Tools Using Attack Injection: An Experimental Study
(requires IEEE login)
Web application security: Testing for vulnerabilities (IBM.com)

How to properly delete data from a table and chain the deletion
Find procedure name in all other procedures
SQL-How to Insert Row Without Auto incrementing a ID Column?
Why can't I use an alias in a DELETE statement?
How do I perform a GROUP BY on an aliased column in SQL Server?
Running multiple SQL-Statements with Python
Using rangeBetween considering months rather than days in PySpark
How to find databases which accessible to me in Sql server?
data return incorrect using left join with 2 tables
Repeat rows specified number of times in PostgreSQL
How to visualize database tables in postgresql using pgAdmin?
Odata override behaviour of orderby
Unable to open BCP host data-file
How to join parent object with nested array using OpenJson SQL
batch update a column using sql
Queries using LIKE wildcards in sql server
Conditional aggregation in SQL: display condition-dependent count in percentage?
Parsing JSON with Oracle SQL without knowing incoming field names
In a standard MS Access SQL query output that does not have any aliases, how do I replace the full names by their "first-letters" aliases?
Convert SQL containing GROUP BY and SUM() to active record in CodeIgniter
output sql data to html with hyperlink
Update all column names to be lowercase
SQL Server pivoting on data without an aggregate
Flagging a row in new column based on conditions on previous and current rows
replace or remove characters and then cast to decimal
Export specific rows from a PostgreSQL table as INSERT SQL script
Query to get only numbers from a string
SQL grouping result to half hour
table is specified twice both as a target for INSERT and as separate source of data
SQL to JSON Need Bracket for Array that can have multiple rows