How to prevent injection when user is supplying an arbitrary URL parameter? that’s why we need a validation, also trim, htmlentities and htmlspecialchars needed