Dynamic Include Safety

Question

Is there any way to safely include pages without putting them all in an array?

if (preg_match(\'/^[a-z0-9]+/\', $_GET[\'page\'])) {

$page = $_GET[\'page\'].\".ph         


        

Answer 1

Despite what you stated about not wanting to store a list of available pages in an array it is likely going to be the best, non-db, solution.

$availFiles = array('index.php', 'forum.php');
if(in_array($_GET['page'].".php", $availFiles))
 {
   //Good
 }
else
 {
   //Not Good
 }

You could easily build the array dynamicly with either DB queries or by reading a file, or even reading the contents of a directory and filtering out the things you don't want available.