Our business website has been compromised we just found out two days ago. Apparently, our security system was not efficient. Confidential information were put at risk together with our customer’s details such as credit card and social security numbers. Now we are looking for an efficient and comprehensive web application scanner. Do you have any suggestions? Preferably one that you have actually used in your system. Thanks in advance for your recommendations.

Hi! Have you tried asking Google? As much as I want to help you, I don't have any idea about this.

Google: best php script scanners
I think it can be almost impossible for such a "scanner" to find all the holes in the script.
Start with saving your webserver access logs and try to find the log entries created by the hacker, it would help if you know date/time when the issue happen. Such log entries can tell which exact php script was used to get data or gain access to the data.
Also always use MD5 or similar to encrypt client sensitive data in your mysql database.

Thanks for the replies! We went with this web security scanner (https://www.beyondtrust.com/products/retina-web-security-scanning/). And yes, it'll be like a second opinion. I'll take note of what you said too. :)