What potential pitfalls should be considered when using the include command in PHP?

When using the include command in PHP, one potential pitfall to consider is the security risk of including files from user input or external sources. This can lead to vulnerabilities such as remote code execution or directory traversal attacks. To mitigate this risk, always validate and sanitize user input before using it in an include statement.

// Validate and sanitize user input before using it in an include statement
$user_input = $_GET['file'];
$allowed_files = ['file1.php', 'file2.php', 'file3.php'];

if (in_array($user_input, $allowed_files)) {
    include $user_input;
} else {
    echo "Invalid file";
}