Start a new thread, because I think you'll get some other valuable replies with a topic heading like "Any tips to strengthen my php code against SQL injections and other attacks?" and then just ask for some ideas...
First steps though are to make sure you filter all GET/POST variables to ensure that they are what you expect, that you remove HTML code and script code when it shouldn't be there, initialise any other variables to blank or default values (which avoids problems if you or future users have PHP "register_globals" on) and finally that you double check any variables you're using in SQL statements to ensure they don't contain things like " ' UNION SELECT .....' ".
PHP has some built-in functions for filtering strings, email addresses, etc. which you can use, like filter_input. I think you could add it (fairly easily) into your mss function (not sure what that does in your code, but it looks like you're using it to do some checking already?).
Knowing a little bit about regex filtering will also be a big help here (with things like removing HTML from input).
I can re-post some of this in your new thread with a little more detail.
Well done with the forum stuff though. You should chat to Ndogg, he has written his own forum software too.
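A worked version of the steps in the reply above, added here as an example and not the poster's code: a "reply to thread" form handler that validates the POST fields with filter_input, strips HTML, initialises defaults, and binds the values as parameters instead of putting them into the SQL text. The table, column names and connection details are assumptions.

```php
<?php
// Added example, not the poster's code: handle a "reply to thread" form the way the
// post describes: validate the GET/POST fields, strip HTML, initialise defaults, and
// keep the values out of the SQL text by binding them as parameters.
declare(strict_types=1);

// Every variable is set to a default or validated value first, so nothing relies on
// register_globals or on a missing form field. filter_input returns null when the
// field is absent and false when it fails validation.
$threadId = filter_input(INPUT_POST, 'thread_id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
$body     = filter_input(INPUT_POST, 'body', FILTER_UNSAFE_RAW) ?? '';
$email    = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);

if (!$threadId || $email === false || $email === null) {
    http_response_code(400);
    exit('thread_id must be a positive integer and email must be a valid address');
}

// Remove tags and script the field should not carry, then bound its length.
$body = mb_substr(trim(strip_tags($body)), 0, 4000);
if ($body === '') {
    http_response_code(400);
    exit('empty body');
}

// Connection details are placeholders (assumption).
$pdo = new PDO('mysql:host=localhost;dbname=forum;charset=utf8mb4', 'forum_user', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepared statements
]);

// What the post warns against: building the query from the raw values, so a body
// containing  ' UNION SELECT ...  becomes part of the SQL. Do not do this:
//   $pdo->exec("INSERT INTO replies (thread_id, email, body) VALUES ($threadId, '$email', '$body')");

// The query shape is fixed at prepare time; the values travel separately as parameters,
// so they can only ever be data, whatever quotes or keywords they contain.
$stmt = $pdo->prepare('INSERT INTO replies (thread_id, email, body) VALUES (:tid, :email, :body)');
$stmt->bindValue(':tid',   $threadId, PDO::PARAM_INT);
$stmt->bindValue(':email', $email,    PDO::PARAM_STR);
$stmt->bindValue(':body',  $body,     PDO::PARAM_STR);
$stmt->execute();

// When the reply is shown, encode it for HTML so nothing left in it renders as markup.
echo 'Saved reply: ', htmlspecialchars($body, ENT_QUOTES | ENT_HTML5, 'UTF-8');
```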