// MAKE SURE THE URL PARAMETER IS SOMETHING USABLE
$key = isset($_GET['key']) ? $_GET['key'] : FALSE;
if (ctype_digit($key))
{
    /* SAFE TO USE $key IN A QUERY */
}