Use a token system. Accessing the entry page, preferably by the submission and validation of a username and password, have the server randomly generate a token and store it in php (or whatever your server side language is written in) session variables. For any other data request of any kind, query the session token and validate it prior to accepting any data or executing any other code. This, of course, should be in addition to any sql injection correction you do on data received (side note).
Happy coding! Jm Sent from my iPad
