I’m trying to create a button similar to Facebook’s ‘Like’ button which is applied to each item in a list. When a user clicks the like button this item is favourited for the logged in user. For the moment I do this in the following way:-
<div id=”item_<?php echo $row[‘item_id’];?>” onclick=”like(<?php echo $row[‘item_id’];?>)”></div>
Obviously this is very unsecure because anyone can easily modify the item id stored in the like() function in the onclick property and like any item thes guess the id of.
My question is how do I make this secure by either not displaying the id of the item but still having it accessible to my like function or via some other method?