I have a button on a page which calls a PHP file like below:
message_sql.inc.php?act=delete&message_id=1
Is there an efficient way to prevent the URL from being run directly from the browser, so that it is only called from the script?

What you are trying to do is not really a good idea. You should use POST
requests to submit delete forms and secure them with a token, for example.
And you should secure your script with a session and a login, so that no one can submit that directly.
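
The checks suggested in the answer (login session, POST only, per-session token), put together as an added example that is not code from the original thread. The function names, the `messages` table with its `owner_id` column, and the `user_id` / `csrf` session keys are assumptions made for illustration; the demo data is constructed.

```php
<?php
declare(strict_types=1);

// Issue one random token per session; the delete form embeds it in a hidden field.
function csrf_token(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Returns an HTTP status code: 204 when a row was deleted, 4xx when rejected.
function handle_delete(PDO $db, string $method, array $post, array $session): int
{
    if (empty($session['user_id'])) {
        return 401;                 // no login session
    }
    if ($method !== 'POST') {
        return 405;                 // a URL opened in the browser arrives as GET
    }
    $sent = $post['csrf'] ?? '';
    if (!is_string($sent) || empty($session['csrf'])
        || !hash_equals($session['csrf'], $sent)) {
        return 403;                 // token missing or wrong: not our own form
    }
    $id = filter_var($post['message_id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return 404;
    }
    // Prepared statement, limited to rows owned by the logged-in user.
    $stmt = $db->prepare('DELETE FROM messages WHERE id = ? AND owner_id = ?');
    $stmt->execute([$id, $session['user_id']]);
    return $stmt->rowCount() === 1 ? 204 : 404;
}

// Constructed demo: in-memory SQLite with one message owned by user 7.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, owner_id INTEGER)');
$db->exec('INSERT INTO messages VALUES (1, 7)');
$session = ['user_id' => 7];
$token = csrf_token($session);

var_dump(handle_delete($db, 'GET', [], $session));                                   // direct URL call
var_dump(handle_delete($db, 'POST', ['message_id' => '1', 'csrf' => 'x'], $session)); // bad token
var_dump(handle_delete($db, 'POST', ['message_id' => '1', 'csrf' => $token], $session));
```

In the real script the call would be `handle_delete($db, $_SERVER['REQUEST_METHOD'], $_POST, $_SESSION)` after `session_start()`, with the token from `csrf_token($_SESSION)` written into a hidden `csrf` field of the delete form.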