Just make sure you are not sending along the user_id
for example through js
and ajax
since that could easily be manipulated to make other users like
something they didn't click on.
If you use something like:
if(isset($_POST['like_id'])
{
$like_id = (int) $_POST['like_id'];
// some more checks (ie. does this id exist?), and then:
$user_id = $_SESSION['user_id'];
echo $user_id . " likes post " . $like_id;
}
than all a "malicious" user could achieve, would be to make his account "like" something without going through the actual link.
On the opposite if you use:
$user_id = $_POST['user['user_id']; // don't use this!
than any user could send any user's id and make them "like" something they didn't request which you wouldn't want to allow.
In General
Do not rely on ANY data coming from a POST
or GET
since that could be easily changed so make sure that id is an integer, make sure that id exists and then after making all necessary checks update your database accordingly.