Well, I had to agree to a certain extent because the odds of a successful attack are very low. But there are some pages that are open to attack. Let's say you are logged in at a custom page created by a price-dumping kid who only knows how to create SQL-injectable code. Since it's your page, you surely have admin privileges and are always logged in.
So far, no problem.
Now you receive this email, telling you to go to a website. Still, no harm. On this page is an image, pointing to
<img src="http://www.your-page.com/delete.php?id=12" />. Just by visiting that page, you would delete something from your own website through a GET request. Because no JavaScript is involved, the same-origin policy (SOP) will not protect you. The browser requests the image with the GET method, because it only wants to get something. Deleting is a manipulating request, so it should be accepted through POST variables only. If there is no POST variable (which can be created by submitting a form), manipulating calls should ignore the request. By replacing your $_REQUEST and $_GET variables with $_POST, you improve the security of your system.
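The delete.php endpoint described above, rewritten so that it only acts on POST, as an added example that is not code from the original post. It goes one step beyond the text by also checking a per-session token; delete_item() and the csrf_token field name are hypothetical, and the token is assumed to have been stored in the session when the form was rendered.

```php
<?php
// Added example: hardened delete.php. delete_item() and the csrf_token
// field are hypothetical; the post itself only names delete.php and id.
session_start();

// Hypothetical stand-in for the site's real delete logic.
function delete_item(int $id): void
{
    // A prepared DELETE statement would go here.
}

// Before (the behaviour the post describes): any GET request, including
// the browser loading an <img>, triggers the delete.
//   delete_item((int) $_REQUEST['id']);

// 1. Manipulating requests must arrive as POST; everything else is refused.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    exit('Method Not Allowed');
}

// 2. Read the id from the POST body only, never from $_GET or $_REQUEST.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Bad Request');
}

// 3. Beyond the post: require a token that only the site's own form knows,
//    since a form hosted on another site can submit a POST as well.
$sent     = $_POST['csrf_token'] ?? '';
$expected = $_SESSION['csrf_token'] ?? '';
if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
    http_response_code(403);
    exit('Forbidden');
}

delete_item($id);
echo 'Deleted';
```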

