What are the potential pitfalls of including files in PHP scripts?

One potential pitfall of including files in PHP scripts is the risk of including files from untrusted sources, which could lead to security vulnerabilities such as code injection or file inclusion attacks. To mitigate this risk, always validate and sanitize user input before including files in your scripts.

// Example of including a file with validated input
$allowed_files = ['file1.php', 'file2.php'];

$file_to_include = $_GET['file'];

if (in_array($file_to_include, $allowed_files)) {
    include $file_to_include;
} else {
    echo "Invalid file included.";
}