php security for location header injection via $_GET

Question

I\'ve got this code on my page:

header(\"Location: $page\");

$page is passed to the script as a GET variable, do I need any security? (if so what)

<

Answer 1

Or, at the very least, define a whitelist of allowed URLs, and only forward the user if the URL they supplied is in the GET variable is in the list.