Securing a page that uses $_GET to launch a database query
I have a page that uses the content of an index in the $_GET array to launch a MySQL query. The query is secure (I hope so at least - it's escaped), but I am worried that this page is potentially a vulnerability on my site because of the ability to make database queries so fast. Are there any suggestions as to how I might prevent abuse? I was thinking of limiting to 100 queries per minute per IP, but this method would add a lot of extra database baggage. I could check referrers, but this is easily spoofed. The goal here is to stop mini DDoS attacks on this $_GET interpreter script.
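
The per-IP limit of 100 queries per minute mentioned in the question can be enforced without a database table. The following is an added example, not part of the original post: a fixed-window counter kept in small lock-protected files. The function name `allow_request`, the file naming and the storage directory are assumptions made for illustration.

```php
<?php
// Added example: fixed-window per-IP limiter backed by lock-protected files.
// LIMIT and WINDOW mirror the post (100 queries per minute); names are hypothetical.
const LIMIT  = 100;  // requests allowed per window
const WINDOW = 60;   // window length in seconds

function allow_request(string $ip, int $now, string $dir): bool
{
    // Hash the address so the client-derived value never becomes part of a path.
    $path = $dir . '/rl_' . hash('sha256', $ip);
    $fh = fopen($path, 'c+');            // create if missing, do not truncate
    if ($fh === false) {
        return true;                     // assumption: fail open on storage errors
    }
    flock($fh, LOCK_EX);                 // serialize concurrent requests per IP
    $parts = explode(' ', (string) stream_get_contents($fh));
    $start = (int) ($parts[0] ?? 0);     // when the current window began
    $count = (int) ($parts[1] ?? 0);     // requests seen in that window
    if ($now - $start >= WINDOW) {       // window expired: start a new one
        $start = $now;
        $count = 0;
    }
    $allowed = $count < LIMIT;
    if ($allowed) {
        $count++;
    }
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, $start . ' ' . $count);
    flock($fh, LOCK_UN);
    fclose($fh);
    return $allowed;
}

// Constructed demonstration: 105 requests in one second from a documentation-range IP.
$dir = sys_get_temp_dir() . '/rl_demo_' . getmypid();
@mkdir($dir, 0700);
$ip = '203.0.113.7';
$t0 = 1700000000;
$passed = 0;
for ($i = 0; $i < 105; $i++) {
    $passed += allow_request($ip, $t0, $dir) ? 1 : 0;
}
echo "allowed in first window: $passed\n";
$later = allow_request($ip, $t0 + WINDOW, $dir);
echo "after window expiry: ", $later ? "allowed" : "blocked", "\n";
array_map('unlink', glob($dir . '/rl_*'));   // remove demo state
rmdir($dir);
```

On the real page the check would run before the query, with `$_SERVER['REMOTE_ADDR']` and `time()` as arguments, answering with HTTP 429 when it returns false. A fixed window allows up to twice the limit across a window boundary, and a shared address (NAT, proxy) counts as one client.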