What are some potential security risks when using PHP include/require functions to include files?

When using PHP include/require functions to include files, there is a potential security risk of including files from untrusted sources, which could lead to remote code execution or exposing sensitive information. To mitigate this risk, it is important to validate and sanitize user input before including files.

$file = 'path/to/file.php';

if (strpos($file, 'allowed_directory/') !== false) {
    include $file;
} else {
    echo 'Access denied.';
}