DEV Community

Discussion on: Expanding the Snake game to include a Global Scoreboard - Part 1

Mikael Klages

If you don't do any string sanitization server-side, it's probably XSS vulnerable. If you want to test try copy-pasting some of the strings on this site into the name-field when you get a highscore: owasp.org/index.php/XSS_Filter_Eva...

If you're storing the highscores in an SQL database, you should be safe from SQL injections as long as you use parameterized queries, I think.

Sunfire

I haven't started testing yet, but this is the code I've got for filtering/sanitizing the one and only user input field:

$name = trim(stripslashes(strip_tags(filter_var($_POST['name'], FILTER_SANITIZE_STRING))));

Thanks for the link - that will be helpful when I do start testing.

Now, parameterized queries - that's something I don't know about yet...
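The two points raised in this thread (stored XSS through the name field, and parameterized queries instead of string-built SQL) in one runnable illustration. This is an added example, not code from either commenter or from the Snake game project; it is written in Python with an in-memory SQLite table (the `scores` schema is assumed) rather than the project's PHP, and the three hostile names are constructed for the demo. The 'before' functions show the string-spliced query and the raw HTML output; the 'after' functions show the same operations done safely. The attribute-context payload is there because it contains no angle brackets at all, so a tag stripper leaves it untouched, while escaping at output time neutralizes it.

```python
"""Added example (not from the original post or the Snake game project):
store the name exactly as typed with a parameterized query, escape it when rendering."""
import html
import sqlite3

# Constructed sample inputs for the demonstration (not payloads from any site).
NORMAL_NAME = "alice"
TAG_PAYLOAD = "<script>alert(1)</script>"
ATTR_PAYLOAD = '" onmouseover="alert(1)'   # no '<' at all: a tag stripper leaves it alone
SQLI_PAYLOAD = "' OR '1'='1"               # classic WHERE-clause bypass


def make_db():
    """In-memory SQLite table standing in for the real highscore table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE scores (name TEXT NOT NULL, score INTEGER NOT NULL)")
    return conn


def save_score(conn, name, score):
    """Store the name as typed. The '?' placeholders hand the values to the driver
    separately from the SQL text, so quotes in `name` can never alter the query."""
    conn.execute("INSERT INTO scores (name, score) VALUES (?, ?)", (name, int(score)))
    conn.commit()


def scores_for_unsafe(conn, name):
    """'Before': the name is spliced into the SQL string. A quote in `name` closes
    the literal and whatever follows is parsed as SQL."""
    sql = "SELECT name, score FROM scores WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def scores_for(conn, name):
    """'After': the same query, parameterized. The payload is just a name nobody has."""
    return conn.execute("SELECT name, score FROM scores WHERE name = ?", (name,)).fetchall()


def row_html_unsafe(name, score):
    """'Before': the raw name lands in the page, so whatever was stored runs for
    every visitor who views the scoreboard."""
    return '<tr><td title="%s">%s</td><td>%d</td></tr>' % (name, name, score)


def row_html(name, score):
    """'After': escape for the HTML context at render time. quote=True (the default)
    also escapes '"', so the attribute context is covered as well as the text context."""
    safe = html.escape(name, quote=True)
    return '<tr><td title="%s">%s</td><td>%d</td></tr>' % (safe, safe, score)


def demo():
    """Returns (rows leaked by the unsafe lookup, rows from the safe lookup, rendered rows)."""
    conn = make_db()
    save_score(conn, NORMAL_NAME, 120)
    save_score(conn, TAG_PAYLOAD, 90)
    save_score(conn, ATTR_PAYLOAD, 75)
    leaked = scores_for_unsafe(conn, SQLI_PAYLOAD)   # every row comes back
    blocked = scores_for(conn, SQLI_PAYLOAD)         # no row is named "' OR '1'='1"
    page = "".join(row_html(n, s) for n, s in conn.execute("SELECT name, score FROM scores"))
    return len(leaked), len(blocked), page


if __name__ == "__main__":
    n_leaked, n_blocked, page = demo()
    print("unsafe lookup returned", n_leaked, "rows; parameterized lookup returned", n_blocked)
    print(page)
```

The PHP equivalents are the same two moves: `$stmt = $pdo->prepare('INSERT INTO scores (name, score) VALUES (?, ?)'); $stmt->execute([$name, $score]);` for the database side, and `htmlspecialchars($name, ENT_QUOTES, 'UTF-8')` at the point where the name is written into the page. Keeping the stored value raw and escaping on output means the same record can later be rendered safely in a different context (JSON API, plain-text export) without guessing what an input filter already removed.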