Security precautions when updating database row via URL segments

[eluser]Billy Shall[/eluser]
Normally i'll attach an onchange to a select group for quick changes to a row such as:

Code:

<form>
  <label>Update Status</label>
  <select name="update_status" THE-ONCHANGE="this.form.submit();">
   <optgroup label="Active">
    <option value="1">New</option>
    <option value="2">Updated</option>
    <option value="3">Awaiting Response</option>
    <option value="4">Good Standing</option>
   </optgroup>    
  
   <optgroup label="Inactive">
    <option value="-4">Closed/Resolved</option>
   </optgroup>
  </select>
&lt;/form&gt;

However since adopting twitter bootstrap, i've been trying to set this functionality into their nice looking button dropdown menus.

I've come up with a solution using links instead of the post data:

Code:

<div class="btn-group">
  <a class="btn dropdown-toggle" data-toggle="dropdown">Mark As <span class="caret"></span></a>
  <ul class="dropdown-menu">
   <li><a href="controller/change/&lt;?=$row['id'];?&gt;/status_id/4">Live/Good</a></li>
   <li><a href="controller/change/&lt;?=$row['id'];?&gt;/status_id/3">Awaiting Review</a></li>
   <li><a href="controller/change/&lt;?=$row['id'];?&gt;/status_id/2">Pending Content</a></li>
   <li class="divider"></li>
   <li><a href="controller/change/&lt;?=$row['id'];?&gt;/status_id/0">Deleted</a></li>
  </ul>
</div>

The function for updating the database row would be something like:

Code:

function change($id, $field, $value)
{
  $this->db->where('id', $id)->set($field, $value)->update('table');
  redirect('controller');
}

Aside from Filtering/Validating/Escaping the data and obfuscation of the $id into a unique key, am I going in the wrong direction here? Opening up security holes? Is it a better idea to stick to the good ol' form data?

Thank you!