Any info on what exactly the exploit does and which databases are targeted? I'm impressed that an indiscriminate injection attack is so successful on a wide range of websites.
Look I am not trying to start a flamewar here, but if his code is developed without knowledge of sql injections then they are almost certainly vulnerable.
It is almost impossible to fuck up prepared statements, so although they take longer to write it is a good way to secure a website.