I'm not sure if the injection attack is related or not.
It sounds like you recompiled after dropping and creating the script and got an execution plan that didn't run well. I've seen that type of thing occur with my stuff.
It's also possible that the ANSI_NULLS or some other settings generated by the script were not the same as they had been and were incompatible with your web app.
Those are my best two guesses.
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning