Hello forum!

Let me preface this by saying that my SQL/PHP experience is rather limited. I've essentially just done things like adding hacks and mods to existing free script sets such as phpBB3, Coppermine, etc. I've been reading some online tutorials on both, and have recently set up an Ubuntu box to play around on, so I'm picking up a bit more here and there.

I have a project in mind, and I'd like some feedback on the best, most secure way, to go about this. I run a game modification forum for a single player RPG. An associate of mine recently created a small program can accept data from the game and insert them into an SQLite database.

We want to make a site that displays a player's game stats. So for example, they will first register a username with the site, and then request a new character ID. They will put this ID into the game, and it will be used to identify this character in the database. On the personal PC, at certain intervals, the character data will be sent to the local database. Anybody on the web site can go in and view the current stats of any character. It will be categorized by user, then characters.

The thing I need to figure out is how to best get the info from that local database into our online one. Ideally it would be nice if it could be updated at near-real time (the game data will probably only be written once every 5 minutes or so.) But if necessary, we will make it so that the player has to manually upload the information.

So how can this be done securely? We are kind of paranoid after being hacked last year because I was using an uploader script that had some serious flaws. So I want to avoid the possibility of someone adding data to the database that will compromise our system. Or is that even really a concern with such a system?

Thanks for your help with this, it is greatly appreciated!

--Fliggerty