[RESOLVED] Secure data transfer?

[Arightwizard]

Hi,
So I'm trying to make an online game with PHP, and I want to add a highscores feature into it. To do this, I need to keep track of the players score..
Like
$myscore starts as zero, then continuously adds 1 point until it's big enough for the highscores.

My question is, how can I transfer the $myscore data from one page to another without the player being able to intercept the transfer and edit their score to hack the game?

E.G, if I put it in a GET form, they can just edit it in the URL..
If I put it in the POST form, they can use tamper data..
If I recode the game in javascript, they can edit the javascript with firebug..
If I recode the game in Java, they can download the .jar file and edit the source code with notepad.

So what can I do?

TL;DR: What's the safest way to transfer data in PHP without interception?

[kows]

you're probably looking for sessions. this allows you to store temporary data (for up to 20 minutes of idle time by default, but it can be changed) on the server about this particular client connection.

if this user's score is supposed to persist forever, then you might just want to update the score and store it in a database instead. sessions will eventually expire if the user goes idle for too long, and this makes them great for a login system and things like long forms/shopping carts.

if you need some help implementing or have some more questions about how sessions work (or possibly even how to store something in a database), please feel free to post them.

edit: oh yeah, and a quick note -- that page does not mention it, but session_start() needs to be called on every page that will be using sessions, and needs to be called before any output is sent to the browser. so, at the top of any of your scripts that should deal with sessions, make a call to session_start(). if you have a configuration script (for constants, functions, or a database connection) I would suggest making this call in there and just including that configuration script in every file.

[Arightwizard]

Ah, stupid me - I completely forgot about sessions.

Thanks, kows.

*Marking as resolved*