In my site 404 is not working. If I give random text after the domain name it is redirecting me to my home page.

I am using SSU 3.6.6, zencart 1.3.8a

more over if the text has a ' (single quote), then it is giving a database error (1064)

Here are the examples:
(1) http ://www.salevalley.com/asdfgh - suppose to give 404 but takes you to homepage.

(2) http ://www.salevalley.com/xyz'
1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/%' ) ORDER BY length(link_alias) DESC' at line 1
in:
[SELECT DISTINCT link_url, link_alias FROM links_aliases WHERE (link_alias LIKE '%/xyz'/%' ) ORDER BY length(link_alias) DESC]


These are causing PCI non compliance problems.