I know there are already tons of PHP forums available, but this is just a proof of concept for myself I suppose. So the problem I have is when a user goes to post a reply to a thread, I have an invisible input which post the thread ID to the page I have which enters the reply into the database. The actually problem being that the POST field can be easily manipulated allowing the user to change what thread he/she were actually replying to. Now, with that being said. I could check right before the data is going to be entered if the user has permission to post/read/view that thread or category.
There has to be a better way to do this. How can I retain the thread ID that they're replying too?