Is my PHP code safe?

Food4Lyfe

Can anyone please tell me if my PHP code secure or if there are holes in it? Is it vulnerable to hackers?

<?php
$news = "news.php";
$ext = ".php";
if(!isset($GET['index'])){
include $news;
}
elseif(isset($GET['index']) && file_exists($GET['index'].$ext)){
include $GET['index'].$ext;
}
?>

If it is can anyone please tell me a code that will do the same thing but has no holes or vulnerability in it. I want my web site to be able to open up my news page on the index, but than be able to change when I go to another page while keeping the layout the same

Is their a way to prevent only my website to be able to access files. For example, my hypothetical site url is http://www.FOOD.com and if I like to a page on my site it would be done like this: http://www.FOOD.com/index.php?page=pizza, with pizza.php being my page that I'm calling.

I know that with this url "http://www.FOOD.com/index.php?page"= you can call other websites as well, and this leads to vulnerability against hackers. How can I restrict it from calling an external page? Because hackers can type in a url such as the following: http://www.FOOD.com/index.php?page=http://www.THEHACKER.com/thehackingscript
and be able to flood your system or whatever.

leatherback

Hi
a better way to do this, is to only pass an ID to the script:

http://www.food/com?page=23

You'd have in the script some index, or translation array/file:
e.g.,

pages[1] = "pizza.php";
pages[2] = "Pasta";

if(isset($_GET['page']) && is_numeric($_GET['page']))
  {
  $thispage = $_GET['page']
  if(array_key_exists($thispage, $pages))
    {
     include(page[$thispage]);
    }
  }
else
  {
  include("default.php");
  }

suntra

A user could change the value of index and add "../" to it, so he or she could get access to many files, so no, it is not secure ! Use leatherback's solution instead 😉