how to prevent hacking from POST method

I have a script that use $_POST variable to store to the database.

There are some users who is trying to cheat the system by making their own post form method or using curl to send post variable and value to the server.

How can I prevent this attack?

Thank You

Prevention isn't possible (POST being safe is an oversimplification myth). You have to validate the incoming data with various methods:

• CSRF tokens help against arbitrary form submission bots (but not against handicrafted tampering)
• enumarate the expected form values, assert() that all are present and no extraneous fields show up
• sanitize and filter on expected values. I use $_POST->text->in_array("field", "abc,def,xyz") for example

There is no way to stop people making arbitrary HTTP requests.

How you defend yourself depends on what the content of the request is and why it constitutes an attack.

You can make sure that POST is made from your form via capcha kind of protection or You can sanitize each $_POST variable and reject whole POST data if it don't satisfy criteria.

This attack have a name "SQL injection". It's not too hard to protect from it. Just use magic_quotes if your value is string and use filter witch skips onlu numbers if your value is number.