Sure you can use:
$sRedirectTo = !empty($_GET['url']) ? $_GET['url'] : 'http://yoursite.com/';
header('Location: ' . $sRedirectTo);
Make sure that the url's provided are encoded as well. If you are generating them a raw_urlencode should do the trick. That prevents it from misinterpreting the characters in the querystring as a part of the actual path.