I have a question that I didn't find the answer to, anywhere else.
Can clients change the values of function parameters, variables and ... that are in my scripts?
For example, I have a button which calls a JS function (which removes a product with the specified ID from the database):
<button onclick="deleteProduct(/* productId */ 123);">Delete Product</button>
When the clients come to my website, they can open the 'inspect element' tool and change the value of the productId parameter of my JS function deleteProduct manually; so then they can remove any product by just changing the productId.
Is that so? If yes, how can we prevent it?
Yes. The user is in complete control of everything that happens inside their browser.
If you want to stop people deleting arbitrary things from a database then store the database on the server and apply a level of authentication and authorization to any request for a delete query on it.
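A sketch of the server-side check the answer describes, added here as an example and not part of the original answer. The handler name `handleDeleteProduct`, the session tokens and the in-memory tables are hypothetical stand-ins for a real route, session store and database.

```javascript
// Constructed sample data: server-side state the browser cannot edit.
const sessions = new Map([            // session token -> logged-in user
  ["tok-alice", { userId: 1, role: "seller" }],
  ["tok-bob",   { userId: 2, role: "seller" }],
  ["tok-admin", { userId: 9, role: "admin" }],
]);
const products = new Map([            // product id -> product row
  [123, { ownerId: 1, name: "Lamp" }],
  [456, { ownerId: 2, name: "Desk" }],
]);

// Hypothetical handler for a "delete product" request. Both arguments
// arrive from the browser, so both are treated as untrusted input.
function handleDeleteProduct(sessionToken, rawProductId) {
  // 1. Authentication: which user is making this request?
  const user = sessions.get(sessionToken);
  if (!user) return { status: 401, body: "not logged in" };

  // 2. Input validation: the client can put anything in the id field.
  if (!/^[0-9]{1,9}$/.test(String(rawProductId))) {
    return { status: 400, body: "bad product id" };
  }
  const productId = Number(rawProductId);
  const product = products.get(productId);
  if (!product) return { status: 404, body: "no such product" };

  // 3. Authorization: is this user allowed to delete this product?
  const allowed = user.role === "admin" || product.ownerId === user.userId;
  if (!allowed) return { status: 403, body: "not your product" };

  products.delete(productId);
  return { status: 204, body: "" };
}

// Bob edits the page so his button sends 123 (Alice's product) instead
// of 456. The id changed in the browser, but the server still refuses.
console.log(handleDeleteProduct("tok-bob", "123").status);
```

The decision depends only on state held by the server (the session and the product's owner), so editing the page changes what is requested, not what is permitted.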