Hi Robert,

You can get the Indy components from The Indy Project if you haven't already got them.

As for an answer, FNX beat me to it, although there is one potential problem when using multipart form data. If the encoding of the request ends up as 'multipart/form-data', then actually extracting the data from the request at the server end can be tricky (largely depends on the language/server that will be receiving the requests).

Whilst the data you want to send could be considered large, the HTTP 1.1 specification specifically states there is no upper limit on the length of URIs, so you do have another option available to you.

Using the Indy HTTP client again (TIDHttp), you could do this....

[pascal]
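// Build the query string; the player name is URL-encoded, the numeric values are converted to text
requestResult := http.get('http://www.yourdomain.com/yourscript.php?name=' +
  urlEncode(playername) + '&score=' +
  intToStr(playerscore) + '&difficulty=' +
  intToStr(integer(playerDifficulty)));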
[/pascal]

When this call completes, requestResult will contain the HTML that was returned by the server. If you want to look at the response codes, you can do so using the 'responseCode' property of TIDHttp. The advantage of using this is that the data is guaranteed to be easily accessible no matter what is sitting on the server.

The only issue is that the method above uses GET as opposed to POST, but really there is no difference between the two, except a POST is slightly more difficult to simulate without knocking together an HTML form. Neither method on its own will offer any protection against rogue entries, but you can protect it yourself by using the basic authentication mechanisms built into the HTTP protocol.

You could create a random username and a password that forms a one-way hash of the username and the data you are sending. These could then be sent with the request like so (ideally, one, or preferably both, of these will be encrypted before you pass them to the HTTP client)...

[pascal]
// Credentials the HTTP client sends with the request
IDHTTP1.request.username := requestUsername;
IDHTTP1.request.password := requestPassword;

requestResult:=IDHTTP1.get(.....);
[/pascal]

So long as the server is configured to allow public access to the script (or whatever is processing the request), you can then access these values within the script and establish whether they are legitimate or not.

Just some food for thought.
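
The signed-request idea from this post, sketched in Python as an added example that is not part of the original post: it swaps the plain one-way hash for HMAC-SHA256 with a shared key, and treats the random username as a single-use value so a captured request cannot be resent. The key, the `username|query` message layout and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Assumption: a secret known to the game client and the server (constructed demo value).
SHARED_KEY = b"constructed-demo-key"


def _sign(key, username, query):
    # The tag binds the random username to the exact query string being sent.
    message = f"{username}|{query}".encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def build_request(name, score, difficulty, key=SHARED_KEY):
    """Client side: return (query_string, Authorization header value)."""
    query = urlencode({"name": name, "score": score, "difficulty": difficulty})
    username = secrets.token_hex(8)  # random, used once
    password = _sign(key, username, query)
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return query, "Basic " + token


def verify_request(query, auth_header, seen_usernames, key=SHARED_KEY):
    """Server side: accept only a correctly signed, not previously seen request."""
    scheme, _, token = auth_header.partition(" ")
    if scheme != "Basic":
        return False
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return False  # malformed header
    username, _, password = decoded.partition(":")
    expected = _sign(key, username, query)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), password.encode()):
        return False  # data altered, or signed with a different key
    if username in seen_usernames:
        return False  # same username seen before: replayed request
    seen_usernames.add(username)
    return True
```

A key shipped inside a game client can be recovered by anyone who inspects the binary, so this raises the effort needed to submit rogue scores rather than ruling them out.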