lets say I have the following tables:
1. comments : c_id, a_id, body
2. articles : a_id, title, body

I have a comments system(similar to SO). But ofcource I have to provide the article’s Id that being posted on, and there’s many ways of doing that.

So, I went with the simple method, which is creating a hidden input with the ID of the article, just like this:
<input type="hidden" name="article_id" value="1" />
then simply it’s POSTed to the server-side. and inserted to the table using MySQL. But, isn’t it possible for a bad user to change the data in the hidden input?

For example if he change the hidden input and put an invalid ID, or an article that doesn’t exist or anything that I really don’t need. Is that something I should consider? since the only thing that will happen is invalid comment, nothing more. since I’m getting the intval of all integer inputs, I’m not afraid of any type of SQL injection.

Bottom line: Should I really care about invalid comments, and issue an extra query checking if an article exists first, which will take more resources, just to make sure no invalid harmless comments will be inserted.