I have a little game inside an html-page which runs completely under JavaScript. When the game is finished I want to save the score of the player into a database using php. It would be something like:
/savescore.php?user=John+Doe&Score=1234
Because this is called from within the JavaScript I cannot really limit operations on the referer. How can I prevent users from just sending any score they want?
jQuery is in use, if needed.
Obfuscation is NOT a valid option for me in this case.
You can't really. You can only make it more and more difficult until the vast majority of would-be-hackers gives up.