preventing bogus info from being submitted

[gnznroses]

i'm gonna be putting a Flash-based game on my website that submits the player's score to a php script. i found out tho that it's trivial to decompile an SWF and find out what url it submits to and the query string. how can i prevent someone from finding that info and simply submitting bogus scores? i know i've heard of and seen php session ids, but is that useful for what i'm doing?
i know checking the http_referrer is easily faked.

i have an idea, tell me if this would work: included in the query string is the contents of a text file on my server that i have read inside of Flash. i'm just not 100% sure if i can have a file that my flash can read that an end user cannot access. unless, maybe if i give it a .php extension, so that when a user tries to view it they just get a script error? is that feasible?

[.josh]

have php pass to flash a token, and pass the token from flash back to php, when the score is submitted.