tag:refactormycode.com,2007:users37 Thu Oct 04 23:54:30 +0000 2007 tag:refactormycode.com,2007:Refactor290 2007-10-04T23:54:30+00:00 <p>The above shows an example of how to check that 'page' is set in GET and how we can use a simple array to verify that the page is allowed to be accessed. You should check out the Suhosin-Patch which provides stricter access to files by allowing you to set which directories PHP can access.</p> <pre>&lt;?php $pages = array('default', 'page1', 'page2'); if(isset($_GET['page'])) { $page = $_GET['page']; } else { $page = 'default'; } if(in_array($page, $pages)) { if(file_exists(&quot;$page.php&quot;)) { include(&quot;$page.php&quot;); } else { header( 'Location: http://www.example.com/index.php?page=main' ); } }</pre> ody.myopenid.com/