Security: default value for text recordset parameter
I'm after a bit of advice, if someone can help. I'm moving away from integer parameters in recordsets (e.g. where id = 1) to text values, as I'm trying to use friendly urls.
So a recordset might have where pg_slug = $_GET['slug']. All this works and the correct page is returned, but I'm really wanting to know if there is a potential security risk here, as I have the default value as 'hjgubjvyu64565dx' (or similar random guff). Should the default text value be % or something else - or does it not matter?