Securing entry of variable GET

0

Let me tell you what is happening to me: I want to make a file eject.php that is in charge of doing an UPDATE to change some values in the table account to 0.

The values that this file needs would be uid and rut, but I got to thinking that if I do an href and send those variables via GET by clicking on "expel member", anyone who knows a user's rut and uid can simply put them in the URL and eject anyone. So I had thought about passing a randomly generated token, but I can't think of how to do it. If someone can recommend a safe way to do this, I would appreciate your cooperation. Greetings and thanks.

    
asked by Santiago D'Antuoni 20.11.2016 в 18:51

1 answer

1

It is better to do it via the POST method, as you mentioned, since you are going to do an UPDATE. Even so, I'll leave you an example of sending a protected ID back and forth via the GET method.

We generate a key and save it on your server, either in your PHP connection file or in your database, that is, in a safe place, so you can work with it when necessary.

    $clave = 'KFpt%5WAQR%ZMBJ-'; // Generate the key.

We create the protected ID with the MD5 function, concatenating the key and the ID.

    $id_protegido = md5($clave.$tu_id); // Key first, then the ID.

The URL would look like this:

    echo "<a href=\"url.php?id=$id_protegido\">abrir</a>";

Let's look at the process of receiving the protected id and building our SQL query.

    // Get the ID from the query string.
    $id = $_GET['id'] ?: '';

    // Note: you must fetch $clave here, so that the concatenated string can be
    // recomputed and the 'id' checked correctly.

    // Prepared statement: the database recomputes md5(key + id) for each row.
    $stmt = $conexion->prepare("SELECT id,nombre,expulsar FROM tu_tabla WHERE md5(CONCAT(?, id)) = ?");
    // Bind the placeholders. Both values are strings: $clave is the key and
    // $id is the 32-character hex digest received in the URL ("ss", not "si").
    $stmt->bind_param("ss",$clave,$id);
    // Execute the statement.
    $stmt->execute();
    // Buffer the result set.
    $stmt->store_result();
    if($stmt->num_rows===1){
       // Output data.
       $stmt->bind_result($id_BD,$nombre,$expulsar);
       $stmt->fetch();
       // Close the statement.
       $stmt->close();
    } else { $stmt->close(); }
    
answered by 20.11.2016 / 23:22
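A hardened version of the answer's scheme, added here as an example and not the answerer's code: the (uid, rut) pair is signed with an HMAC instead of md5($clave.$id), the token is checked in PHP with a constant-time comparison before any query runs, and the UPDATE only happens on a POST from a logged-in administrator. It assumes PHP 7+, an open mysqli connection `$conexion`, an `account` table with columns `uid`, `rut` and `activo` (standing in for whatever the question sets to 0), a session flag `$_SESSION['es_admin']` set at login, and the placeholder secret `CLAVE`.

```php
<?php
// Added example (not from the original answer). Assumptions: $conexion is an
// open mysqli connection; `account` has uid, rut and activo; $_SESSION['es_admin']
// is set at login; CLAVE is a placeholder that must be replaced by a long random
// secret stored outside the web root.
const CLAVE = 'REPLACE-WITH-A-LONG-RANDOM-SECRET';

// The action name is part of the signed message, so a token issued for
// "expulsar" cannot be replayed against another endpoint that shares the key.
function token_expulsar(int $uid, string $rut): string {
    return hash_hmac('sha256', "expulsar|$uid|$rut", CLAVE);
}

// hash_equals avoids leaking, through timing, how many leading bytes matched.
function token_valido(int $uid, string $rut, string $token): bool {
    return hash_equals(token_expulsar($uid, $rut), $token);
}

// Emitted in the member list instead of an <a href=...> link: the action
// changes data, so it is sent by POST, with the token as a hidden field.
function formulario_expulsar(int $uid, string $rut): string {
    $r = htmlspecialchars($rut, ENT_QUOTES, 'UTF-8');
    $t = htmlspecialchars(token_expulsar($uid, $rut), ENT_QUOTES, 'UTF-8');
    return "<form method=\"post\" action=\"expulsar.php\">"
         . "<input type=\"hidden\" name=\"uid\" value=\"$uid\">"
         . "<input type=\"hidden\" name=\"rut\" value=\"$r\">"
         . "<input type=\"hidden\" name=\"token\" value=\"$t\">"
         . "<button type=\"submit\">Expulsar</button></form>";
}

// expulsar.php: the token proves the server issued this (uid, rut) pair; the
// session check proves the requester may act on it. Both checks are needed.
function procesar_expulsion(mysqli $conexion): bool {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST' || empty($_SESSION['es_admin'])) {
        return false;
    }
    $uid   = filter_input(INPUT_POST, 'uid', FILTER_VALIDATE_INT);
    $rut   = (string) ($_POST['rut'] ?? '');
    $token = (string) ($_POST['token'] ?? '');
    if (!is_int($uid) || !token_valido($uid, $rut, $token)) {
        return false; // missing or forged token: nothing is changed
    }
    $stmt = $conexion->prepare("UPDATE account SET activo = 0 WHERE uid = ? AND rut = ?");
    $stmt->bind_param('is', $uid, $rut);
    $ok = $stmt->execute() && $stmt->affected_rows === 1;
    $stmt->close();
    return $ok;
}
```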