I'm trying to have a JavaScript function call a PHP function to write a text file on the web server, so I can store simple data for a game without using databases. This allows random people to call the function from the console (opened by pressing F12), and therefore write files to the web server.
Is there a way to fix this? Am I doing this wrong, and have to start over? Or is it not possible?
My current code:
test.html:
    <script src="js/php.js"></script>
    <button onclick="phpfunc('test.php', 'write(\'hello, world!\')', alerttext);">test</button>
js/php.js:
    // Returns an XMLHttpRequest, falling back to ActiveX on old Internet Explorer.
    function getreq() {
        var req = false;
        if (window.XMLHttpRequest)
            req = new XMLHttpRequest();
        else {
            try {
                req = new ActiveXObject("Msxml2.XMLHTTP");
            } catch (e) {
                try {
                    req = new ActiveXObject("Microsoft.XMLHTTP");
                } catch (e) {
                    return false;
                }
            }
        }
        return req;
    }

    // Splits "name(args)" into a function name and an argument string and
    // sends both to the PHP script as query parameters.
    function phpfunc(url, func, success) {
        var sfunc = func.split(")")[0].split("(");
        var rfunc = sfunc[0];
        var rparams = sfunc[1];
        var req = getreq();
        if (!req) return false;
        req.onreadystatechange = function() {
            if (req.readyState == 4 && req.status === 200) success(req.responseText);
        };
        req.open("GET", url + "?t=" + Math.random() + "&func=" + encodeURIComponent(rfunc) + "&params=" + encodeURIComponent(rparams), true);
        req.send();
    }

    function alerttext(text) {
        alert(text);
    }
test.php:
    <?php
    // Overwrites test.txt with the given text.
    function write($text) {
        $file = fopen("test.txt", "w");
        fwrite($file, $text);
        fclose($file);
    }

    {
        // Both values come straight from the query string.
        $func = $_GET["func"];
        $params = explode(", ", $_GET["params"]);
        for ($i = 0; $i < count($params); $i++) {
            if (is_numeric($params[$i])) $params[$i] = (int)$params[$i];
            else $params[$i] = str_replace(array("\"", "'"), "", $params[$i]);
        }
        // Calls whatever function name the request supplied.
        call_user_func_array($func, $params);
    }
    ?>
Also, English is not my first language, so I'm not sure if I typed this correctly.
Never trust the client app.
JavaScript apps are easier to abuse than compiled apps, because the tools to manipulate JavaScript are more accessible to more people.
If at all possible, have the web server interface allow the client to report actions taken in the game, and have the server be responsible for determining and recording the result. It can apply a "reasonableness" check to the actions the client reports.
You can make it harder for people to cheat by using JavaScript obfuscation. It is not a silver bullet, but it will reduce the pool of people who have the skill to exploit the JavaScript interface to manipulate the game.
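
The approach described in the answer above, as an added example that is not code from the question or the answer: the client names an action from a fixed allowlist and the server validates it and computes the result itself. The action name "score", the limits and the handle_report function are assumptions made for illustration.

```php
<?php
// Added example: server decides the result, client only reports an action.
// Assumed (hypothetical) game rules: one report adds at most 50 points,
// and reports must be at least one second apart.
const MAX_GAIN_PER_REPORT = 50;
const MIN_SECONDS_BETWEEN_REPORTS = 1;

// Allowlist of actions a client may name, mapped to server-side handlers.
// A request naming anything else is refused instead of being called.
$handlers = [
    'score' => function (array $state, array $args, int $now): array {
        $gain = filter_var($args['gain'] ?? null, FILTER_VALIDATE_INT);
        if ($gain === false || $gain < 0 || $gain > MAX_GAIN_PER_REPORT) {
            throw new InvalidArgumentException('unreasonable gain');
        }
        if ($now - $state['last_report'] < MIN_SECONDS_BETWEEN_REPORTS) {
            throw new InvalidArgumentException('reporting too fast');
        }
        // The server computes the new total; the client never sends it.
        return ['score' => $state['score'] + $gain, 'last_report' => $now];
    },
];

function handle_report(array $handlers, array $state, array $query, int $now): array
{
    $action = $query['action'] ?? '';
    if (!is_string($action) || !array_key_exists($action, $handlers)) {
        throw new InvalidArgumentException('unknown action');
    }
    return $handlers[$action]($state, $query, $now);
}

// Constructed sample requests (timestamp, query) standing in for $_GET.
$state = ['score' => 0, 'last_report' => 0];
$requests = [
    [100, ['action' => 'score', 'gain' => '10']],      // gain within the limit
    [105, ['action' => 'score', 'gain' => '999999']],  // gain far above the limit
    [110, ['action' => 'write', 'gain' => 'hello']],   // action not on the allowlist
    [110, ['action' => 'score', 'gain' => '5']],       // gain within the limit
];
foreach ($requests as [$now, $query]) {
    try {
        $state = handle_report($handlers, $state, $query, $now);
        echo "ok: score is now {$state['score']}\n";
    } catch (InvalidArgumentException $e) {
        echo "refused: {$e->getMessage()}\n";
    }
}
```

On a real endpoint the state would be loaded from and saved to server-side storage per player, and the timestamp would come from the server clock rather than from the request.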