It sounds to me like your PHP page is the only thing that has access to your data and you are using it as an API? - sounds about right to me and doesn’t sound like you are accessing data directly from your game client - I’d make sure that there’s no way to hack your URL to write anything or that it’s easy to figure out what’s what