While working with Database records ,displaying them on HTML and storing their ID into a Hidden Field ,to get which one to update is not secure ,i tried something else but im not sure if that is enough Secure .
Currently im storing the ID and the md5 checksum of ID + Somekey within another Hidden field.
<input type="hidden" name="ID" value="1"/>
<input type="hidden" name="Hash" value="<?php echo md5($ID."MYKEY"); ?>"/>
And on back-end at PHP im doing the same thing and testing if their Equals.
<?php
$ID = $_GET['ID'];
$Checksum = $_GET['Hash'];
if(md5($ID."MYKEY") == $Checksum)
//Proceed Delete or update
?>
Im doing that because some one could just change the ID of a record and interact with someone else record.
The second solution was to check if that record was related to user by selecting it from Database and testing if that Exist's to that specific user ,but using the Checksum i thought it could be an Optimization !
So is it enough secure to use that way ,using Checksums and generating Dynamic Key's for each new Session.
Bests
