Hi Hammy.
I had the same problem with a game I made. The game is located at:
http://www.queenfans.com/games/ogre_battle/wizard.cgi
I started off using hidden fields in the forms - but people started putting their own values in, and ended up with 1,000,000 gold pieces, loads of strength, etc. *Gives PodMaster a dirty look*
I thought about using cookies to store the data, but like you say, not everyone accepts cookies. So the solution I came up with was to save all the data into a file, and just have the session id in a hidden field, with the session id corresponding to the file. As the data is all in the file where it can't be got at, the values can't be changed. I also added a routine to delete files over 1 month old, so as not to end up with a huge amount of saved data.
Would this approach be any good for you? |