Quote:
So how can I stop people from submitting this in the URL (GET) or with a tool (POST) and thereby allowing no access to said script unless used by my website?
You can't stop people from doing this.
I am not expert on this, but:
- You can consider that any client side check can be bypassed by malicious user.
- You have to recheck everything in your php script, including all the checks normally done on client side.
- Hiding the script URL will not help because the URL will be used to post the answer, and this can be detected by user.
- One of the thinks you have to check is that the user is legitimate and in a legitimate session.