I've modified smf and added a lot of new forms and new database tables. I don't do much input verification. I know that the checkboxes, drop-down menus and 4 character max-length text inputs aren't much danger. But when it comes to text areas, I think that's where my main vulnerability is.
I've been trying to figure this out and I also tried to do sql injection (on my own forum) but I haven't managed to get it to work. The reason why I am trying to fix this is because it's not a good idea to leave it as it is and someone has already managed to use that sql injection technique. Or I think that's how they did it.
I guess no help here