I'm not sure exactly where your SQL Injections are coming from, but I'm currently starting up my own server and from what I've heard, are you using PHP register script? I was told you need to have your registering inside your launcher so that people can't Inject you, other then that Idk :c