This is not about SQL injection prevention, which is covered in other questions. My question is: Once an attack succeeds, is there a way to completely stop the attack right away while we look for and fix the vulnerability? I'm hoping to keep the database online for regular users, but prevent damage to it.
You could set the database into read-only mode, if your application can handle it - and I stress the IF.
Still, that leaves the wide field of information-disclosure vulnerability (e.g. if you encrypted passwords instead of hashing them with a strong hash algorithm + salt, birthday dates (credit card fraud), email addresses - spammers lov'em).
The only way to really prevent the leak from being exploited is to take the database offline IMMEDIATELY, fix the bugs, and then put it back online as fast as possible.
An intermediate solution would be to backup the database (after setting it read-only), and then update all confidential information with bogus information on the online version.
e.g.
UPDATE T_Users SET e_mail = '[email protected]', birthdate = '19000101'