Is there something wrong with the way I implement the calendar on my site?

I am creating a website for students in a school that needs to include a timetable page that will display a calendar with events populated with feeds from various teachers' calendars. After trying a lot of scripts and tools for displaying calendars, I finally stumbled upon a very crappy, hacked-together way to do this, and I want to know if there are any specific things in my implementation.

My requirements from this calendar are posted in a previous question This is how my implementation would work:

Teachers make their schedules in their own calendar programs and make these channels available in iCal format. A typical Google account for the school subscribes to all of these calendars, and therefore gets read-only access to all of the teachers' schedules in the school. Google Calendar has a feature to select some of your calendars and then get the html code for an iframe to embed into your site so site visitors can see which events are coming up. When I experimented with the options in Google Configurator, I found that simply by including certain codes in the URL requiring iframe content, you can change which calendars were visible. These codes or calendar IDs are clearly displayed in the settings for each calendar. So my final solution is this:

For each student there is a record of which courses they have taken, and therefore which calendars they should show. With some SQL magic, I can get the calendar ids from a pre-prepared database of all the calendar ids and then generate the correct url for the iframe using php and display it.

Hope it wasn't too confusing to understand. Now can someone tell me if it has any security flaws or bad programming practices etc. Something about the whole idea of ​​dynamically generating urls, using iframes, using a shared google account, etc. just screams "Error!" Can anyone tell me if this is the right fit for this, or is there some problem with it?