and put in any postal code and then click submit...
That's not SQL injection. SQL injection is not if they put any postal code in, injection would be if they put the code and added additional characters into the form to inject your query. For instance, if the table was named products and in the postal code area someone entered the following instead of just a postal code:
90210'; DROP TABLE products;
Then your product table would be deleted. Use functions to sanitize your form data and prevent injection. It doesn't sound like SQL injection to me in this case, it sounds more likely that your data isn't properly formatted in the database.
I have changed the filed type from text to memo in the recent weeks.
This must have been the issue. I have changed it back and see if problem persists or not.
I don't think that change would make this difference, honestly.
SQL injection? Why would you think that? I would think it was more to do with your output code. In any case, I don't see the problem you are referring to. Everything looks fine.
Edit: Weird. There were no other replies to this post when I was reading it. Looks like you got the problem solved.
Yes! The issue is now resolved and it was remedied by the change of database field type change back from memo to text. But indeed it was more than that since the database of discussion was linked to the table that had the field type issue and was dependent on this data.
The reason I suspected sql injection is simply due to ignorance.
Thanks for everyone's responses which I don't know what I would do without!