PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
This should work. You need to be careful and filter $page since it is user-supplied input.
I've added basename() which is just basic filtering.
Also, use $_GET instead of $HTTP_GET_VARS
<?php
$id = $_GET["id"];
$page = $_GET["page"];
$extension = "php";
// strip any path that has been sent as part of $page
$page = basename($page);
$file = "$id/$page.$extension";
if ( !$id || $id == "" )
{ include "./school.php"; }
else if ( file_exists( $file ) )
{ include $file; }
else { echo "<center><h2>404 ERROR!</h2></center>"; }
?>
erm. I recommend using a switch statement and each case checks for expected inputs and includes the appropriate page, if no match then take them to the home page...