I am now working on the site pages: if I have logged into the admin panel with my login and password (I use a session), then on the site page a block of buttons appears above each article (edit, delete, activate/deactivate and so on).

Code example:

    <?php if (!empty($_SESSION['admin'])): ?>
    <div class="but_header">
        <a href="../admin/edit.php?id=<?php echo (int) $id; ?>"><div class="edit">Edit</div></a>
        <a href="../admin/delete.php?id=<?php echo (int) $id; ?>"><div class="delete">Delete</div></a>
    </div>
    <?php endif; ?>

The question is: am I doing this right, or is there a better way to display such a block of buttons?

Is this a safe approach or not? Could I add some additional check, a password or something else...?

    3 answers

    The authorization check must be in /admin/edit.php and /admin/delete.php. Otherwise anyone can edit and delete data via a direct link. It is better to do it in one place and include it in these 2 files. Or implement a single common entry point in the admin panel, like this:

     <a href="../admin/index.php?action=edit&id=<?php echo (int) $id; ?>"><div class="edit">Edit</div></a>
     <a href="../admin/index.php?action=delete&id=<?php echo (int) $id; ?>"><div class="delete">Delete</div></a>
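    The common entry point described in this answer, written out as an added example (this is not the answerer's or the asker's code). It assumes the login script sets $_SESSION['admin'] = true only after checking the password, and edit_article()/delete_article() are hypothetical stand-ins for the real database code. The require_admin() function can equally live in a separate auth.php that edit.php and delete.php both include.

```php
<?php
// Added example: /admin/index.php?action=edit&id=N as the single entry point
// for the admin panel. The authorization check runs before any action is
// dispatched, so hiding the buttons on the front page is no longer the only
// thing standing between a visitor and the delete handler.
declare(strict_types=1);

session_start();

// Assumption: the login code sets $_SESSION['admin'] = true after verifying
// the password. The check belongs here, server-side, not only around the links.
function require_admin(): void
{
    if (empty($_SESSION['admin'])) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Hypothetical model functions standing in for the real database calls.
function edit_article(int $id): string   { return "editing article $id"; }
function delete_article(int $id): string { return "deleted article $id"; }

require_admin();

// Validate the id as a positive integer before it reaches SQL or the page.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Bad id');
}

$action = $_GET['action'] ?? '';
switch ($action) {
    case 'edit':
        echo htmlspecialchars(edit_article($id), ENT_QUOTES, 'UTF-8');
        break;
    case 'delete':
        // A state-changing action should not run on a bare GET: a link in a
        // message or an <img src> on another site would otherwise trigger it
        // with the admin's own session cookie.
        if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
            http_response_code(405);
            exit('Delete must be a POST');
        }
        echo htmlspecialchars(delete_article($id), ENT_QUOTES, 'UTF-8');
        break;
    default:
        http_response_code(404);
        exit('Unknown action');
}
```

A direct request to index.php?action=delete&id=5 without the admin session now gets a 403 regardless of whether the front page rendered a button; the POST requirement for delete is an additional caveat of this example, not something the answer itself states.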

      In my experience, it is wise to use a separate admin panel rather than rendering the action buttons directly on the front end. In fact, so as not to lump everything together, people keep the front end and the back end separate (although it is better to have front / api / back).

      In terms of security, I would additionally add HTTP authentication on the admin directory. Beyond that, if you check for the session, there is no particular difference whether a person goes to /admin/edit.php or /admin/index.php?action=edit, i.e. it is a matter of taste. I would configure URL routing (human-readable URLs) and write /admin/page/edit/{id}.

        This deletion can be nicely wrapped in AJAX requests to the server, passing parameters such as the ID (or whatever needs to be edited) and the administrator's token.

        1. The token will give a greater degree of security.
        2. AJAX will help you perform this miracle without reloading the page. Fast and beautiful.

        In general, I use template engines to build the front end; that makes it more convenient to restructure the layout later.
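        The token-plus-AJAX approach from this answer, as an added example that is not the answerer's code. One file both renders the delete button (only for an admin, with a per-session token attached) and, on POST, acts as the handler that the AJAX request hits. It assumes the login code sets $_SESSION['admin'], the article id 42 is a constructed sample, and delete_article() is a hypothetical stand-in for the real database call.

```php
<?php
// Added example: a token-protected AJAX delete. The handler accepts only POST
// requests from an admin session that carry a token matching the one stored
// in that session, so a forged cross-site request cannot trigger the delete.
declare(strict_types=1);

session_start();

// One random token per session, created on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison so the check does not leak how many bytes matched.
function csrf_token_valid(?string $submitted): bool
{
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Hypothetical stand-in for the real delete query.
function delete_article(int $id): bool { return true; }

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Handler branch: this is what the fetch() call below talks to.
    header('Content-Type: application/json');
    if (empty($_SESSION['admin'])) {               // assumption: set by the login code
        http_response_code(403);
        echo json_encode(['error' => 'not an admin']);
        exit;
    }
    if (!csrf_token_valid($_SERVER['HTTP_X_CSRF_TOKEN'] ?? null)) {
        http_response_code(403);
        echo json_encode(['error' => 'bad token']);
        exit;
    }
    $id = filter_var($_POST['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);
        echo json_encode(['error' => 'bad id']);
        exit;
    }
    echo json_encode(['deleted' => $id, 'ok' => delete_article($id)]);
    exit;
}

// Page branch: render the button only for an admin, with the token attached.
$id = 42; // constructed sample article id
?>
<?php if (!empty($_SESSION['admin'])): ?>
<div class="but_header">
  <button class="delete" data-id="<?= (int) $id ?>"
          data-token="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">Delete</button>
</div>
<script>
// Send the id and the token without reloading the page; the session cookie
// goes along automatically because the request is same-origin.
document.querySelector('.delete').addEventListener('click', async (ev) => {
  const btn = ev.currentTarget;
  const resp = await fetch(location.pathname, {
    method: 'POST',
    headers: { 'X-CSRF-Token': btn.dataset.token },
    body: new URLSearchParams({ id: btn.dataset.id }),
    credentials: 'same-origin',
  });
  console.log(await resp.json());
});
</script>
<?php endif; ?>
```

The token is sent in a custom header rather than only in the body, which also means a plain HTML form on another origin cannot reproduce the request; the session check still comes first, since the token only proves the request originated from a page this server rendered, not that the sender is an admin.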