Help with javascript/php mysql record updating

[Darkmatter5]

I have a checkbox in a form that has the following code.

 

<input type='checkbox' name='display_boxart' value='1' " .($userprefs['display_boxart']=='1'?"checked":""). " onchange='change_pref(\"display_boxart\",this.value,\"$userprefs[member_id]\")'>

 

Now here's the Javascript function change_pref

function change_pref(pref,str,id) {
    xmlHttp=GetXmlHttpObject();
    if (xmlHttp==null) {
        alert ("Browser does not support HTTP Request");
        return;
    }
    var url="change_prefs.php";
    url=url+"?p="+pref;
    url=url+"&t="+url;
    url=url+"&i="+id;
    xmlHttp.open("GET",url,true);
    xmlHttp.send(null);
}

 

And here's change_prefs.php as referenced in the javascript function

<?php
  include('library/config.php');
  require_once('library/vein_funcs.php');
  ($_GET['t']==""?$_GET['t']==0:$_GET['t']==1);
  $query="UPDATE members SET $_GET[p]=$_GET[t] WHERE member_id=$_GET[i]";
  $result=mysql_query($query) or die(mysql_error());
?>

 

My intent is when the user changes the check box to checked or not checked the members display_boxart value should be changed to 0 if display_boxart is unchecked or 1 if display_boxart is checked.

 

Am I on the right track? Is this the wrong way to do this? Is there an easier way to do this?

[gffg4574fghsDSGDGKJYM]

You may want to add this to your php :

 

change_prefs.php

<?php
$t = (int) $_GET['t'];
$p = (int) $_GET['p'];
$i = (int) $_GET['i'];
?>

 

To prevent SQL Injection. And make some test to be sure the user has the right to do this action before doing it or else anyone can change data in your database.