[RESOLVED] Is this safe?

Dvdbrink

I was wondering if this a safe code for including pages?

<?php
$pages = array('news','register','memberlist');

if (isset($_GET['p']) && !empty($_GET['p']))
{
    if(in_array($_GET['p'], $pages))
    {
         if (file_exists($_GET['p'].".php"))
        {
            include($_GET['p'].".php");
        }
    }
    else
    {
        echo "Error: Page doesn't exist";
    }
}
else
{
    include("news.php");
}
?>

laserlight

Yes, it is safe, though you could simplify it to:

<?php
$pages = array('news','register','memberlist');

if (isset($_GET['p']))
{
    if (in_array($_GET['p'], $pages) && file_exists($_GET['p'] . '.php'))
    {
        include $_GET['p'] . '.php';
    }
    else
    {
        echo "Error: Page doesn't exist";
    }
}
else
{
    include 'news.php';
}
?>