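#!/usr/bin/perl -wT
# Validate two CGI parameters under taint mode (-T) and prepare an UPDATE
# statement that records a colour preference for a given id.
use strict;
use CGI;
use DBI;    # Assumes DBI is used for database connectivity; substitute
            # another module as appropriate.

# Direct method call instead of the indirect-object form "new CGI",
# which Perl can mis-parse.
my $query = CGI->new;

# Taint checking: with -T every CGI parameter is tainted.  A value taken
# from a regex capture ($1) is untainted, so each pattern below must be an
# allow-list of exactly the characters the field may contain.
# \A and \z anchor the whole string; '$' would also match just before a
# trailing newline.  A missing parameter is rejected by the defined() test
# rather than reaching the match as undef.
my $raw_color = $query->param('color');
( defined($raw_color) && $raw_color =~ /\A([a-zA-Z]+)\z/ )
    or die "Bad data in color";
my $color = $1;

my $raw_id = $query->param('id');
( defined($raw_id) && $raw_id =~ /\A([0-9]+)\z/ )
    or die "Bad data in id";
my $id = $1;

# Despite its name, $database holds the table named in the UPDATE.  It is a
# fixed literal, never request data: identifiers cannot be bound as
# placeholders, so this name must stay under the script's control.
my $database = 'preferences';

# The values go in as placeholders rather than being interpolated into the
# SQL text.  The regexes above already restrict them, but binding keeps the
# statement safe even if a pattern is loosened later.
my $sql         = "UPDATE $database SET color = ? WHERE id = ?";
my @bind_values = ( $color, $id );

# Now connect to the database and execute the SQL, passing @bind_values to
# execute() so the driver supplies the values for the two placeholders.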