I want to use Ajax to update data in the database for each of the small blocks in my site. I searched on the net and found some code on w3schools.com for updating a MySQL database using Ajax. In the example, it calls a PHP page using the GET method and passes the parameters as a query string.
I used it in my code and it is working well.
Now I want to know: am I using the right way to update the database? The user can view the path of the PHP file and the parameters I am passing in the page source in the browser. A user can hack it very easily by simply calling my internal PHP page and passing parameters with the GET method.
Is there any way to improve security, or any other way to update my database without a page refresh?
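The following is an added example, not part of the original post: a PHP handler for the Ajax update that accepts only POST and checks the session, a CSRF token, the input and row ownership on the server, since the endpoint URL and parameters are always visible to the browser. The table `blocks`, the field names `block_id`, `content` and `csrf_token`, the session keys and the function `handle_update` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Assumed names: table blocks(id, owner_id, content), fields block_id/content/csrf_token.
function handle_update(string $method, array $session, array $post, PDO $db): array
{
    // State-changing requests use POST; GET URLs end up in logs, caches and history.
    if ($method !== 'POST') {
        return [405, 'POST required'];
    }
    // The URL cannot be hidden, so the server checks who is calling it.
    if (empty($session['user_id'])) {
        return [401, 'login required'];
    }
    // CSRF token: issued with the page, sent back by the Ajax call, compared in constant time.
    $token = $post['csrf_token'] ?? '';
    if (!is_string($token) || empty($session['csrf_token'])
        || !hash_equals($session['csrf_token'], $token)) {
        return [403, 'bad CSRF token'];
    }
    // Validate every parameter the browser sends.
    $id = filter_var($post['block_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $content = $post['content'] ?? null;
    if ($id === false || !is_string($content) || strlen($content) > 2000) {
        return [400, 'invalid input'];
    }
    // Prepared statement; the owner_id condition limits users to their own rows.
    // (MySQL counts only changed rows unless PDO::MYSQL_ATTR_FOUND_ROWS is set.)
    $stmt = $db->prepare('UPDATE blocks SET content = :c WHERE id = :id AND owner_id = :u');
    $stmt->execute([':c' => $content, ':id' => $id, ':u' => $session['user_id']]);
    return $stmt->rowCount() === 1 ? [200, 'updated'] : [404, 'no such block for this user'];
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE blocks (id INTEGER PRIMARY KEY, owner_id INTEGER, content TEXT)');
$db->exec("INSERT INTO blocks VALUES (1, 7, 'old'), (2, 8, 'other user')");
$session = ['user_id' => 7, 'csrf_token' => bin2hex(random_bytes(32))];
$ok = ['csrf_token' => $session['csrf_token'], 'block_id' => '1', 'content' => 'new text'];
$cases = [
    'GET request'        => ['GET', $session, $ok],
    'not logged in'      => ['POST', [], $ok],
    'missing token'      => ['POST', $session, ['block_id' => '1', 'content' => 'x']],
    "other user's block" => ['POST', $session, ['block_id' => '2'] + $ok],
    'valid request'      => ['POST', $session, $ok],
];
foreach ($cases as $name => [$method, $sess, $post]) {
    [$code, $msg] = handle_update($method, $sess, $post, $db);
    printf("%-20s => %d %s\n", $name, $code, $msg);
}
```

In a real endpoint the function would be called with `$_SERVER['REQUEST_METHOD']`, `$_SESSION` and `$_POST`, and the Ajax call would send the token that the page received when it was rendered.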