The simple alternative to this problem could be solved by granting appropriate permissions in the database itself.
For example: if you are using a mysql database then enter into the database through terminal or the UI provided and just follow this command:
GRANT SELECT, INSERT, DELETE ON database TO username@'localhost' IDENTIFIED BY 'password';
This will restrict the user to only get confined with the specified query's only. Remove the delete permission and so the data would never get deleted from the query fired from the php page.
The second thing to do is to flush the privileges so that the mysql refreshes the permissions and updates.
To see the current privileges for the user fire the following query.
select * from mysql.user where User='username';
This answer is essentially wrong, as it doesn't help to prevent an injection prevention but just trying to soften the consequences. In vain.
Right, it doesn't provide a solution, but is what you can do before hand to avoid things.
@Apurv If my goal is to read private information from your database, then not having the DELETE permission means nothing.
@AlexHolsgrove: Take it easy, I was just suggesting good practices for softening the consequences.
@Apurv You don't want to "soften consequences", you want to do everything possible to protect against it. To be fair though, setting the correct user access is important, but not really what the OP is asking for.