SQL injection | Changing id values

SQL injection | Changing id values

I'm stuck with an sql injection problem. My page displays the table's data
as follows:
<input type="checkbox" name="id[]" value="<?php echo $row['id']; ?>"
/><?php echo $row['data']; ?><br />
How can I be sure that the submitted value is the id of this specific row
an not a random number "injected" in the page?
Obviously, I would start checking that the id returns true to is_numeric()
/ get it through mysql_real_escape_string().
Then, I thought of two options:
Adding a hidden input with a copy of the $row['data'] so that I can check
the correspondence between the id and the data before any mysql_query()
Changing the row's id from an auto incremented number to a large random
number, so that I could lower the chance of a lucky hit.
Do I have it wrong? Any better idea? Thanks for your help!