I want to improve security of a multiplayer online game written in php
and mysql. Because I'm new to this stuff I would appreciate some tips.
If you have time look here http://web.rulex.net/archi/Medieval_Lords/
and check what are the main problems (please don't hack it more than
needed because there is a test game taking place there, just to say what
is wrong without crashing it).
I think it will need:
1) create a system of email authorisation for new users who want to
register (I know how to do it, so ignore this - unless there are some
really strange things I should be aware of).
2) mysql user input checking. User can affect database directly by
registration (username, password) and messages to other users (subject
and text). This can mess the database if they put for example "'" symbol
in their username. What are the other dangerous characters? How should I
protect/limit username and message text (I understand I should use
functions like strip_tags() or similar, but there are plenty of such
functions and I don't know which to choose).
3) any other security issues?
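
One way to handle the input problem in point 2, as an added example that is not part of the original post or the game's code: bind user input as query parameters so a "'" is stored as plain data, validate usernames against an allow-list, and escape message text when it is printed as HTML rather than stripping it on input. The `messages` table, the username rule and the function names are assumptions; it uses PDO with an in-memory SQLite database so it runs without a server, and the same calls work with a `mysql:` DSN.

```php
<?php
// Added example: constructed table and inputs, not the game's real schema.
// SQLite in memory keeps it runnable offline; with MySQL only the DSN changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, sender TEXT, subject TEXT, body TEXT)');

// Hypothetical rule: 3-20 letters, digits or underscore.
// Reject anything else instead of silently rewriting it.
function valid_username(string $name): bool {
    return preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $name) === 1;
}

// Store the message exactly as typed. Placeholders keep the data out of the
// SQL text, so quotes in $subject or $body cannot change the statement.
function save_message(PDO $db, string $sender, string $subject, string $body): void {
    if (!valid_username($sender)) {
        throw new InvalidArgumentException('invalid username');
    }
    $stmt = $db->prepare('INSERT INTO messages (sender, subject, body) VALUES (?, ?, ?)');
    $stmt->execute([$sender, $subject, $body]);
}

// Escape at output time for the HTML context, so markup is shown as text.
function render_message(array $row): string {
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return '<h3>' . $e($row['subject']) . '</h3><p>' . nl2br($e($row['body'])) . '</p>';
}

// Constructed inputs: an apostrophe in the subject, markup in the body.
save_message($db, 'sir_galahad', "Lord O'Brien's offer", "5 < 7, so I accept.\n<b>Deal?</b>");

// A username containing a quote fails validation before any query is built.
var_dump(valid_username("o'brien"));

$row = $db->query('SELECT subject, body FROM messages')->fetch(PDO::FETCH_ASSOC);
echo $row['subject'], "\n";        // the stored subject, read back from the table
echo render_message($row), "\n";   // the same message escaped for an HTML page
```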