the value should only be a positive integer value, since it's an id
number. We do sometimes use other variables that could be a letter, or a
string of text, for example, the search results pages.
$variable = "0";
if (isset($HTTP_GET_VARS["id"])) {
    $variable = (get_magic_quotes_gpc()) ? $HTTP_GET_VARS["id"] : addslashes($HTTP_GET_VARS["id"]);
}
Should I be using mysql_real_escape_string?
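
One way to handle both cases from the post, as an added example that is not part of the original post: validate the id as a positive integer, and bind every value (including search text) through a prepared statement instead of escaping it. The table and column names (items, id, title) are hypothetical, the request values are constructed, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Hypothetical schema; SQLite in memory stands in for MySQL.

/** Return the id as an int if it is a positive integer, otherwise null. */
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up one row by id; the value is bound, never concatenated into SQL. */
function find_item(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM items WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Free-text search: the string is bound too, with LIKE wildcards escaped. */
function search_items(PDO $db, string $term): array
{
    // '!' is the escape character, so a literal % or _ in the term stays literal.
    $like = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';
    $stmt = $db->prepare("SELECT id, title FROM items WHERE title LIKE :t ESCAPE '!'");
    $stmt->execute([':t' => $like]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO items (title) VALUES ('first item'), ('100% cotton')");

// Constructed request values, as $_GET['id'] might deliver them.
foreach (['2', '0', '-1', '2abc', "2'"] as $raw) {
    $id = parse_id($raw);
    $row = $id === null ? null : find_item($db, $id);
    printf("%-6s => %s\n", $raw, $row ? $row['title'] : 'rejected or not found');
}
print_r(search_items($db, '100%'));
```

Against MySQL only the PDO DSN changes; the validation and the bound parameters stay the same.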