Channel: Editor — DataTables forums

How can I set a WHERE condition on UPDATE and DELETE?


I need a safe solution: it needs to be done in PHP at server side.

I use Datatables Editor PHP Library.

I have a table like:
MY_CARS: id, make, model, plate, vin, owner_id

I want the user to be able view, add, edit and remove only their own cars.

SELECT:

I can limit the list of cars shown to the user with where conditions like this:

$editor->where( 'owner_id', $user_id );

This seems safe for SELECT.

But it is noted in the manual: "It is important to note that the conditions applied by Editor->where() are used only on data fetch."

INSERT:

When creating a new car I can set the field like this:

$editor->field(
( new Field( 'owner_id' ) )   // parentheses needed: `new Field(...)->set()` is a parse error before PHP 8.4
->set( Field::SET_CREATE )    // value is written on create only
->setValue( $user_id )        // taken from the session, never from the request
);

This seems safe for INSERT.

UPDATE & DELETE:

For DELETE I have no idea.

I could do this for UPDATE:

$editor->field(
( new Field( 'owner_id' ) )   // parentheses needed: `new Field(...)->set()` is a parse error before PHP 8.4
->set( Field::SET_EDIT )      // value is written on edit only
->setValue( $user_id )
);

This doesn't seem safe at all. If a user sends a malicious request to the server with a modified id field of a car owned by another user, the row with that id would change to the malicious user. This would result in potential information disclosure and "a theft of a vehicle" :D

If I used SQL directly, I would just add an additional WHERE condition to the SQL command like this (sorry for the PDO style):

UPDATE CARS .... WHERE id = :id AND owner_id = :owner_id;
DELETE FROM CARS WHERE id = :id AND owner_id = :owner_id;

How can I make this safely with Datatables Editor PHP Library?

Edited by Allan - Syntax highlighting. Details on how to highlight code using markdown can be found in this guide.
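One way to enforce the per-row ownership check on edit and remove, written as an added example that is not part of the original post and not the Editor project's own code. It assumes the Editor PHP library's `on()` event registration for `preEdit` and `preRemove` and that a handler returning `false` cancels the action for that row (confirm this against the Editor version you run); `$db` is the Editor database instance, `$pdo` is an assumed separate PDO connection to the same database, and `$user_id` is the authenticated user's id taken from the session. The ownership test itself is a plain parameterised query, so the client-supplied id is never interpolated into SQL.

```php
<?php
// Added example (not from the original post or the Editor project):
// ownership enforcement on edit and remove via Editor's preEdit/preRemove
// event handlers. Assumptions: $editor->on( $event, $callback ) exists and a
// callback returning false cancels the action; $db is the Editor database
// instance; $pdo is a PDO connection to the same database; $user_id comes
// from the authenticated session, never from the request body.

use DataTables\Editor;
use DataTables\Editor\Field;

/**
 * True only if the MY_CARS row with the given id belongs to $owner_id.
 * $id is client-controlled, so it is bound as a parameter, never interpolated.
 */
function ownsCar( PDO $pdo, $id, $owner_id )
{
    $stmt = $pdo->prepare(
        'SELECT COUNT(*) FROM MY_CARS WHERE id = :id AND owner_id = :owner_id'
    );
    $stmt->execute( [ ':id' => $id, ':owner_id' => $owner_id ] );
    return (int) $stmt->fetchColumn() === 1;
}

/**
 * Record a refused attempt so it can be picked up by monitoring.
 * error_log() is a stand-in for whatever logging the application uses.
 */
function logRefusedAccess( $action, $id, $user_id )
{
    error_log( "MY_CARS: refused {$action} of row {$id} by user {$user_id}" );
}

$editor = Editor::inst( $db, 'MY_CARS' )
    ->fields(
        Field::inst( 'make' ),
        Field::inst( 'model' ),
        Field::inst( 'plate' ),
        Field::inst( 'vin' ),
        // owner_id is always the session user: written on create, never from the client
        Field::inst( 'owner_id' )
            ->set( Field::SET_CREATE )
            ->setValue( $user_id )
    )
    // fetch: the user only ever sees their own rows
    ->where( 'owner_id', $user_id )
    // edit: refuse any row the user does not own, whatever id the client sent
    ->on( 'preEdit', function ( $editor, $id, $values ) use ( $pdo, $user_id ) {
        if ( ! ownsCar( $pdo, $id, $user_id ) ) {
            logRefusedAccess( 'edit', $id, $user_id );
            return false; // cancels the edit for this row
        }
    } )
    // remove: same rule
    ->on( 'preRemove', function ( $editor, $id, $values ) use ( $pdo, $user_id ) {
        if ( ! ownsCar( $pdo, $id, $user_id ) ) {
            logRefusedAccess( 'remove', $id, $user_id );
            return false; // cancels the delete for this row
        }
    } );

$editor->process( $_POST )->json();
```

The check runs once per submitted row id, so a multi-row edit or delete that mixes the user's own cars with someone else's is refused only for the foreign rows. Keeping `owner_id` as a create-only field (rather than the `SET_EDIT` variant in the question) means an edit can never reassign a car, and the `preEdit`/`preRemove` handlers close the remaining gap where a forged id targets another owner's row. The refused attempts are logged deliberately: a client that presents ids outside its own listing is a signal worth alerting on.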
