
Check URL variable is valid in PHP

Hi, I have a site where the links menu is read from a database and created in the format of index.php?page=mypage

How can I check that "mypage" is a page that exists in the database, so that users can't just add anything into the URL?

Thanks xx


If your pages are stored within the database: check the result set of the SQL query you're sending to the database, and don't forget to escape characters to deny possible SQL injection... (mysql_real_escape_string())


Use a whitelist approach, something like this:

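// Names of the GET parameters the script is willing to accept.
$allowedKeys = array('myPage', 'yourPage', '...Page');

// Drop every entry of $_GET whose key is not in the whitelist.
$_GET = array_intersect_key($_GET, array_flip($allowedKeys));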
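Combining the two answers above, an added example (not code from either answer): the value of `page` is checked against the database with a bound parameter instead of manual escaping, and anything that does not match a stored page is treated as not found. The `pages` table, its `slug` and `title` columns, the slug pattern and the in-memory SQLite data are assumptions made so the example runs on its own.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite table standing in for the
// site's real menu table. Table and column names are assumptions.
function makeSampleDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE pages (slug TEXT PRIMARY KEY, title TEXT NOT NULL)');
    $db->exec("INSERT INTO pages (slug, title) VALUES ('home', 'Home'), ('mypage', 'My Page')");
    return $db;
}

// Returns the page row if $requested names a page stored in the database,
// or null for anything else (missing, array-valued, malformed, unknown).
function resolvePage(PDO $db, $requested): ?array
{
    // ?page[]=x arrives as an array; only a plain string can be a page name.
    if (!is_string($requested)) {
        return null;
    }
    // Cheap shape check before touching the database (assumed slug format).
    if (!preg_match('/\A[a-z0-9_-]{1,64}\z/', $requested)) {
        return null;
    }
    // Bound parameter: the value is never spliced into the SQL text.
    $stmt = $db->prepare('SELECT slug, title FROM pages WHERE slug = :slug');
    $stmt->execute([':slug' => $requested]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = makeSampleDb();
// Constructed inputs standing in for $_GET['page'] ?? null.
$samples = ['mypage', 'nosuchpage', "x' OR '1'='1", '../etc/passwd', ['mypage'], null];
foreach ($samples as $input) {
    $page = resolvePage($db, $input);
    $status = $page === null ? '404 Not Found' : '200 ' . $page['title'];
    echo json_encode($input), ' => ', $status, PHP_EOL;
}
```

In a real front controller the call would be `resolvePage($db, $_GET['page'] ?? null)`, followed by `http_response_code(404)` when it returns null.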
