Originally Posted by h0ly lag

Of course, rule number one. Never trust user input. :)

So maybe something like this:
/reply.php?t=56

And all that 't' GET variable would be is the thread ID.

I guess just keep it simple. Just verify and filter the GET var and go with it. Yeah?

EDIT: After read Wildhoney's post, is it more advantageous to use GET or the hidden input field like I currently am? Does it even matter?