Security precautions when updating database row via URL segments
#2

Aken
Changing $field to a column that doesn't exist will throw a SQL error, potentially showing me information about your database you might not want me to know. Same could be said for $value in certain situations.

Also, what if I don't have access to change the row belonging to the unique ID? Nothing stopping me from doing it there...

Never trust your users. Do not allow them to control what your query looks like, ever.
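The three problems raised in the reply above (a user-chosen column name, SQL errors that reveal schema details, and updates to rows the user does not own) are handled together in this added example, which is not code from the thread. It uses plain PDO with an in-memory SQLite database; the `profiles` table, its columns, the validation patterns and the function name are assumptions made for illustration.

```php
<?php
// Added example. Table "profiles", its columns and the patterns are assumptions.
const EDITABLE = [ // URL field segment => pattern its value must match
    'display_name' => '/^[\p{L}\p{N} _.-]{1,40}\z/u',
    'timezone'     => '/^[A-Za-z_]+\/[A-Za-z_]+\z/',
];

// Returns an HTTP status code; $userId comes from the session, never the URL.
function update_profile_field(PDO $db, int $userId, string $id, string $field, string $value): int
{
    if (preg_match('/^[1-9][0-9]{0,9}\z/', $id) !== 1) {
        return 400;                       // row id must be a plain positive integer
    }
    if (!array_key_exists($field, EDITABLE) || preg_match(EDITABLE[$field], $value) !== 1) {
        return 400;                       // column not on the allow-list, or malformed value
    }
    try {
        // Authorization: the row must belong to the logged-in user.
        $own = $db->prepare('SELECT 1 FROM profiles WHERE id = ? AND owner_id = ?');
        $own->execute([(int) $id, $userId]);
        if ($own->fetchColumn() === false) {
            return 404;                   // same answer for "missing" and "not yours"
        }
        // $field is now known to be one of our own constant keys, so it is safe to use
        // as an identifier; the value and both ids are still bound parameters.
        $upd = $db->prepare("UPDATE profiles SET {$field} = ? WHERE id = ? AND owner_id = ?");
        $upd->execute([$value, (int) $id, $userId]);
        return 200;
    } catch (PDOException $e) {
        error_log($e->getMessage());      // details go to the log, not to the browser
        return 500;
    }
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, owner_id INTEGER, display_name TEXT, timezone TEXT, is_admin INTEGER)');
$db->exec("INSERT INTO profiles VALUES (1, 10, 'alice', 'Europe/Berlin', 0), (2, 20, 'bob', 'Asia/Tokyo', 0)");
$cases = [
    [10, '1', 'display_name', 'Alice A.'],  // own row, allowed column
    [10, '1', 'is_admin', '1'],             // real column, but not on the allow-list
    [10, '1', 'no_such_column', 'x'],       // would otherwise reach the database and error
    [10, '2', 'display_name', 'mallory'],   // row owned by another user
];
foreach ($cases as $c) {
    echo implode('/', array_slice($c, 1)), ' as user ', $c[0], ' -> ', update_profile_field($db, ...$c), "\n";
}
```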


Messages In This Thread
Security precautions when updating database row via URL segments - by El Forum - 07-19-2012, 10:00 PM


