I am writing a program to be run on a server that takes input from clients in the form http://mywebsite.com/program.php?input=42
I'm concerned that having the client be able to give any value in place of the 42 above could be a security risk because they could put code there that might run on my server. I would like to know if checking that this input is only alphanumberic before proceeding to do anything with it is sufficient protection. If not what should I do to be secure, if so, are there any safety concerns regarding the way in which I do this checking (for example, while checking that the input is alphanumberic could the input if it is malicious code some how get run?)
Thanks