What are some potential security risks associated with using user input directly in file inclusion in PHP?

Using user input directly in file inclusion in PHP can lead to security risks such as directory traversal attacks, allowing malicious users to access sensitive files on the server. To mitigate this risk, it is important to validate and sanitize user input before using it in file inclusion functions.

// Sanitize user input before using it in file inclusion
$user_input = $_GET['file'];
$allowed_files = ['file1.php', 'file2.php', 'file3.php'];

if (in_array($user_input, $allowed_files)) {
    include($user_input);
} else {
    echo "Invalid file requested";
}