I’m fairly new to server side coding and am currently setting up a site which involves pulling objects from a database, allowing a user to edit them, and then re-inserting these elements in to the database.

However, I’m not sure how to prevent the user from ruining the database through the use of development tools.

Essentially elements are displayed in a list and each element is a script. It has it’s own unique ID and a name (not necessarily unique). So, when it is pulled from the database, the name is the list’s text and the id is contained within an attribute field. When they’re edit, I pull the id from the html attribute and use that to save any changes to the database.

Of course, I make checks server side to determine if all of edits the user made are allowed.

But, the problem I’m running into is that the user could easily open up any form of developer tools, change scripts Id’s (switch them or vary them in any way they please) and this would definitely hurt the database.

Could someone provide me a few techniques to prevent this issue? I’d really appreciate it. Thanks!

I don’t know how it’ll help, but the majority of my code is in Javascript (using jquery and jquery ui) and php (using CodeIgniter as the framework).

EDIT:

Imagine two elements

Id -> Title -> Description

5 -> Hello -> World

6 -> Bye -> Sleep

On server side, these are displayed as lists and there’s an alternate way to edit the values.

<li data-id=5>Hello</li>
<li data-id=6>Bye</li>

Someone can load up fire bug and change the data-id’s that I use for queries, say make the first one 7. Or swap both. In this case, that doesn’t really matter, but it’s actually more for my curiosity, is there any way to prevent this?