include user input
Posted: Mon Jul 17, 2006 9:46 pm
I've written an index.php that includes a header, footer, site navigation, and also content that is selected by a variable named view. I'm not really too sure if my code is safe or not. GPC_Magic_Quotes is enabled. I have posted the relevant code below. Please let me know if there are any security issues with this, and what? Your help is appreciated, thank you.
Code: Select all
$valid_pages = array( "home" => "home.php",
"search" => "search.php",
"about" => "about.php",
"contact" => "contact.php");
$view = trim($_GET['view']);
$view = strtolower($view);
foreach($valid_pages as $key => $val) {
if($view == $key) {
$content = $val;
}
else {
$content = "home.php";
}
}
include_once($content);