If he has figured out a way to inject his info into the admin table in the database you COULD prevent him from logging in by using the htpasswd feature, which is what Cpanel does I believe. But if he can inject into any table in the database then we have bigger problems.