|mysql_query("update table_1 set path='" . $path .|
"' where id='" . $id . "';") or die(mysql_error());
That would *probably* do, but you'd want to clean the text in path and id though to make sure there isn't anything nasty.
You can check the query by using mysql_affected_rows() right afterward; it returns an integer.
One other thing, since you're using $_GET - you might wish to cast it as an integer.
bool settype($varname, "integer")
If the conversion fails, then there might be tainted data; for example, someone entering an uri directly ?path=admin&id=password--