[prey]

that still lets you enter ../../ and such


here's one way to do it

PHP Code:

$page_name = '';
$page_ext = '.php';
$valid_pages = Array(
'home',
'members',
'contact'
);

$default_page = 0;

if (isset($_GET['id']) && trim($_GET['id']) != '' && in_array($_GET['id'],$valid_pages))
{
    $page_name = addslashes(htmlentities(trim($_GET['id'])));

    include($page_name.$page_ext);
}else{
    include($valid_pages["$default_page"].$page_ext);
}