I'm wondering if $_POST & $_GET can have issues with security.
Let's say I have AJAX code that sends the data to a PHP file with the following:
    if (isset($_POST['id'])) {
        // Escape both values before they are placed in the SQL strings
        $client_id = mysql_real_escape_string($_POST['id']);
        $client_name = mysql_real_escape_string($_POST['name']);

        // Delete the client
        $sql = "DELETE FROM clients WHERE id='" . $client_id . "'";
        mysql_query($sql) or die(mysql_error());

        // Delete the client's pages
        $sql = "DELETE FROM fanpages WHERE client='" . $client_name . "'";
        mysql_query($sql) or die(mysql_error());
    }
Now let's say the PHP file name is delete.php. Any user can just write something like delete.php?id=423&name=Jack and it will shoot the query and delete the client?
I was thinking about adding a COOKIE check at the beginning, but as far as I know COOKIEs can be faked as well, am I right?
So what is the solution for making safe $_POST & $_GET requests in combination with DB queries?
EDIT: All this happens inside of a user-password secured area, but I'm asking about the sole delete.php file. Do I need to add a COOKIE check to this file as well?
EDIT2: The script is working with COOKIEs, not SESSIONS. Should I add SESSIONS to the system as well? Is it necessary to have cookies and sessions on the same system?
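
One way delete.php can verify the request itself instead of relying on the login page in front of it, as an added example that is not part of the original post. It assumes PDO with MySQL, placeholder credentials (DB_NAME, DB_USER, DB_PASS), and a login page that stores `user_id` and `csrf_token` in the session; those names are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example. Assumed, not from the post: PDO/MySQL, placeholder credentials,
// and a login page that sets $_SESSION['user_id'] and $_SESSION['csrf_token'].
session_start();

function deny(int $status, string $message): void {
    http_response_code($status);
    exit($message);
}
// 1. Only POST may change state, so delete.php?id=423&name=Jack is rejected.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    deny(405, 'Method not allowed');
}
// 2. Every script checks the login itself; the state lives in the server-side session.
if (empty($_SESSION['user_id'])) {
    deny(401, 'Not logged in');
}
// 3. CSRF token: the request must come from a page this application served.
$token = $_POST['csrf_token'] ?? '';
if (!is_string($token) || empty($_SESSION['csrf_token'])
    || !hash_equals($_SESSION['csrf_token'], $token)) {
    deny(403, 'Invalid CSRF token');
}
// 4. Validate the id; the client name is looked up, not taken from the request.
$clientId = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
if (!is_int($clientId)) {
    deny(400, 'Invalid id');
}
try {
    $pdo = new PDO('mysql:host=localhost;dbname=DB_NAME;charset=utf8mb4',
        'DB_USER', 'DB_PASS', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $pdo->beginTransaction();
    $stmt = $pdo->prepare('SELECT name FROM clients WHERE id = ?');
    $stmt->execute([$clientId]);
    $name = $stmt->fetchColumn();
    if ($name === false) {
        $pdo->rollBack();
        deny(404, 'No such client');
    }
    // 5. Prepared statements replace string concatenation and the mysql_* calls.
    $pdo->prepare('DELETE FROM fanpages WHERE client = ?')->execute([$name]);
    $pdo->prepare('DELETE FROM clients WHERE id = ?')->execute([$clientId]);
    $pdo->commit();
    echo 'deleted';
} catch (PDOException $e) {
    error_log($e->getMessage()); // detail goes to the server log, not the browser
    deny(500, 'Delete failed');
}
```

With sessions the browser still holds one cookie, the session ID, but it is a random identifier rather than the login state, which is why a value typed into a cookie by hand does not pass check 2.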