Ajax Post Security Question
So I have a problem. I have this code:
$params = "'plname=" . $player->username . "&plmiss=" . $player->miss . "&plmaxdmg=" . $player->maxdmg . "&plmindmg=" . $player->mindmg . "&plhp=" . $player->hp . "&plmhp=" . $player->maxhp;
$params .= "&enname=" . $enemy->username . "&enmiss=" . $enemy->miss . "&enmaxdmg=" . $enemy->maxdmg . "&enmindmg=" . $enemy->mindmg . "&enhp=" . $enemy->hp . "&enmhp=" . $enemy->hp . "'";
buttonform("pvm.php","Attack",$params);
buttonform function:
// Renders a button whose onclick sends $params to $page through ajaxpost().
function buttonform($page,$texto,$params)
{
?><input type="button" onclick="ajaxpost('menu','<?php echo $page;?>',<?php echo $params;?>);" class="button" value="<?php echo $texto;?>"><?php
}
So, you guessed it: the function will create a button that, when clicked, will send an Ajax request for pvm.php + $params.
But the problem is that $params is confidential and should not be available to change. But if we go into the page code (I've done this with Google Chrome Developer Tools) we can change those variables to what we want, and that is what I don't want. If anyone can help me make those variables not available for change, THANK YOU!
Anything loaded into the user's browser is available for change. You'll have to store that information server-side.
To that end, take a look at PHP sessions:
http://www.w3schools.com/PHP/php_sessions.asp
http://www.php.net/manual/en/book.session.php
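One way to apply the answer's advice, as an added example that is not part of the original post: the stats live in the session, and pvm.php accepts only a token from the browser. The function names, the per-fight token, the treatment of `miss` as a percentage and the sample stats are assumptions.

```php
<?php
// Added example: fight state is kept server-side; the browser sends only a token.
// Field names follow the question; everything else here is an assumption.

// Called when the fight page is rendered. The session copy is the only source of truth.
function start_fight(array &$session, array $player, array $enemy): string
{
    $session['fight'] = ['player' => $player, 'enemy' => $enemy];
    // Per-fight token ties the Attack button to this session.
    $session['fight_token'] = bin2hex(random_bytes(16));
    return $session['fight_token'];
}

// Called by pvm.php with $_POST. Stats sent by the client are never read.
function attack(array &$session, array $post): array
{
    if (!isset($session['fight'], $session['fight_token'])
        || !is_string($post['token'] ?? null)
        || !hash_equals($session['fight_token'], $post['token'])) {
        return ['ok' => false, 'error' => 'no active fight'];
    }
    $p = $session['fight']['player'];
    $e = &$session['fight']['enemy'];
    // Assumption: miss is a percentage chance to miss.
    $hit = random_int(1, 100) > $p['miss'];
    $dmg = $hit ? random_int($p['mindmg'], $p['maxdmg']) : 0;
    $e['hp'] = max(0, $e['hp'] - $dmg);
    return ['ok' => true, 'damage' => $dmg, 'enemy_hp' => $e['hp']];
}

// In the real pages: call session_start(), then pass $_SESSION and $_POST.
// Constructed demo data; plain arrays stand in for them when run from the CLI.
$session = [];
$token = start_fight($session,
    ['username' => 'hero', 'miss' => 10, 'mindmg' => 3, 'maxdmg' => 7, 'hp' => 50, 'maxhp' => 50],
    ['username' => 'rat',  'miss' => 20, 'mindmg' => 1, 'maxdmg' => 4, 'hp' => 20, 'maxhp' => 20]);

// A tampered request: the extra plmaxdmg field has no effect on the result.
$result = attack($session, ['token' => $token, 'plmaxdmg' => '9999']);
var_dump($result['ok'], $result['damage'] <= 7);
```

With this layout the button only needs `'token=' . $token` as its parameter string, so editing the page in developer tools changes nothing the server trusts.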