How to prevent users changing variables via firebug in ajax requests

Question

I allow my users to favorite an update or a forum topic. So when a user tries to favorite one of these i will send via Ajax 2 things, the item_id(update or topic) as id(ex.

Answer 1

Your server side script (PHP) must always assume it's getting bogus data. Never rely solely on javascript to handle any sanitization / verification.

If your javascript can determine if the job should be "update" or "topic", I'm sure your PHP can do that as well. Probably using a few more DB queries or some such, but that's the price you've got to pay.