i'm having a site and in that site a page contains AJAX code.
A javascript function has a HTTP request to another page with some arguments in the url, the server page gets the values from the url and insert them to the database.

Someone had looked at my code and then hacked that to enter wrong values into the database.

he directly called the javascript function from the location bar itself.

How should i prevent this??