I'm developing a game in PHP/jQuery, and naturally have to be wary of any sort of data coming from the client.

At present, I have tables of data representing the map (2D roguelike), monsters, items, and player(s). Initially, my thought was to simply package it all in a JSON object and send it every game tick, however when actually looking at the data I realized that's quite a large packet to be sending.

So, my question is what is a good approach for minimizing data sent to the client? Obviously I would need to figure out some way of validating whatever it sends back. Initially we'd hoped to do some minimal verification on the client-side, but each time we thought of one thing we could do it is immediately invalidated with tools like Firebug.

Kind of an open question I realize, but we want to get this right before we move on with our implementation so we don't have to shoehorn in bugfixes later on.