What is the best practice for including a specific page using GET parameters in PHP?

When including a specific page using GET parameters in PHP, it is important to properly sanitize and validate the input to prevent security vulnerabilities such as SQL injection or cross-site scripting attacks. One way to do this is by using the `htmlspecialchars()` function to escape special characters in the input. Additionally, you should check if the input is valid before including the page to avoid errors.

&lt;?php
// Sanitize the GET parameter
$page = isset($_GET[&#039;page&#039;]) ? htmlspecialchars($_GET[&#039;page&#039;]) : &#039;default&#039;;

// Validate the input
$allowed_pages = [&#039;page1&#039;, &#039;page2&#039;, &#039;page3&#039;];
if (!in_array($page, $allowed_pages)) {
    $page = &#039;default&#039;;
}

// Include the specific page
include $page . &#039;.php&#039;;
?&gt;

Keywords

PHP GET parameters include URL security

What is the best practice for including a specific page using GET parameters in PHP?

Keywords

Related Questions