When a user starts playing the game, you could get a token from the website (create it using uniqid() ) and then when the game ends the game transmits that token back with the score.
Ultimately though, using $_POST would be a wiser choice but even that is hackable.
You could also use the token as an encryption if you can find some encryption code that will run in your game. Take the last 2/3 digits from the token and use them as a key to encrypt / decrypt the data before it's sent to your website. That would have most people pretty stumped for a while but even that is crackable although it will make life much harder for most.
For the first suggestion:
I could possibly do that, but if the site/host goes down for that second that the game is getting the token, then there scores wouldn't be updated. I don't know, its kinda complicated with the way I have to retrieve stuff from the internet through the game, it doesn't really work out great.
I thought of doing that, but it isn't completely secure. This will probably be the next thing I do since it is better than what I got, but I am hoping to find a way that won't be beaten by someone that doesn't know how to hack.
Well for the first, if the website goes down then the game scores are lost anyway. That being the case you might as well have the game (I'm assuming this is flash based?) record he scores somewhere and als be able to auto generate its own unique token and submit them if its unable to obtain them. It'll be a rarely used feature so the odds would be smaller of a hacker finding it with a packet sniffer (though not impossible). That said, if contact with the server is down, you could always just stop the game from running and display an error message.
Second you might want to look into transmitting your data over an SSL connection instead.
Sorry, I got distracted with something else and forgot to check this...
I am not using flash, I am using game maker 8.1, not great but it works. That is true though, if the website is down then the scores wouldn't be recorded. But the scores are recorded at the end of the game, so if it checks for a token at the beginning while the site is down, at the end the site will probably be up without a token. But really that isn't a big deal and can be changed to work.