I believe you're referring to Cross-Site Request Forgeries (or CSRF); in which the database API would have no affect on it. A security feature known as a nonce can help prevent the problems you're having by passing a unique token through the request URI (and validated on the other end with a session variable). Here's a quick example to demonstrate:
Originally Posted by claro
$_SESSION['nonce'] = md5(mt_rand());
<a href="action.php?do=delete&gid=1&id=1&ext=php&tok=<?php echo $_SESSION['nonce']; ?>">Delete Something</a>
That's one common method of preventing CSRF; the other method (if you didn't want to go through the hassle of setting up nonces) would be to handle the data via the HTTP POST method.
if(isset($_GET['tok']) && $_GET['tok'] === $_SESSION['nonce'])