Just makesure you do necessary safety checks with GET variables (url variables).
For instance if it's used for a page number use this
PHP Code:
<?php
if (is_int($_GET['id']))
{
//Do Stuff here
}
else
{
echo "Page Number was Invalid.";
}
?>
It will test that it's an integer, making sure no one's edited it with other things...
Use switch cases also.
If you're working alongside with MySQL and using the data from the URL variables makesure you
addslashes() or/and
htmlspecialchars(). To help prevent them submitting dangerous info.