What I've always done in cases like this is .. and assuming the URL vanished due to "malicious intent"; I do a
<cfif trim(url.whatever) is "">
<cflocation url="home.cfm">
</cfif>
if I am expecting an integer I do a <cfif not isnumeric()>
But then again, I always parse URL's looking for injections prior to sending to the stored procedure to run the query. If that is the next step.
Does that help?