When using $_GET, please consider the security implications of this, as an attacker can post whatever they want, which gets included into your code, unless you are careful and sanitize it and check for VALID values, don't just use whatever is returned.
Instead of using this, i would recommend a function, which will return a sanitized version of the $_GET['variable']
I personally have a function _GET($par, $parType = '')
this means i can swap this into the code for $_GET['variable'] such as _GET('variable')
the function then checks if the second (optional) parameter has been checked:
if($parType == '')
{
$parType = gettype($par);
}
next, we need to sanitize the string, to ensure no really bad stuff can happen. Check the type to ensure we filter correct type of data, for example if type is 'email' then:
$return = filter_input(INPUT_GET, $par, FILTER_SANITIZE_EMAIL)
or
case 'int':
$return = filter_input(INPUT_GET, $par, FILTER_SANITIZE_NUMBER_INT);
you can read some good security information on OWASP, but it isn't targetted to PHP.