ev5unleash Posted June 8, 2008

I was talking to my friend (noob PHP coder) and I asked him if he knew the code so people could go to (ex. /index.php?request=games) instead of doing /games/index.php. He gave me this code:

<?php
$request = $_GET["request"];
include("homepage/".$request);
?>

I checked my site with some people and found the problem with the script. Anyway, does anyone have any alternative that won't exploit my server?

Minase Posted June 8, 2008

Simple, use a PHP script on index.php:

<?php
// Only act when the parameter is present and matches a known value.
if (isset($_GET['request']) && $_GET['request'] == "games") {
    // include files / header or anything else goes here
}
?>

Let's say you want to include 1.txt:

<?php
if (isset($_GET['request']) && $_GET['request'] == "games") {
    include("1.txt");
}
?>

rarebit Posted June 8, 2008

It technically works, but this part:

include("homepage/".$request);

needs cleaning. For instance, some malicious cracker could put in a funny URL. It'd be better to use a token and look it up, e.g. index.html?request=xyz, then check for xyz and, if you have a reference, substitute a filename:

// Read the token; fall back to an empty string when it is absent.
$request = isset($_GET["request"]) ? $_GET["request"] : "";
// Strict comparison, so a non-string value cannot pass as a match.
if (strcmp($request, "userbob") === 0) {
    include("homepage/bob.php");
}

or check the file exists, etc...

ev5unleash (Author) Posted June 8, 2008

That was just an example, I need a little bit more detail. I want the folder /homepage. I want to be able to do something like /index.php?hp=welcome.html. It would redirect to /homepage/welcome.html

ev5unleash (Author) Posted June 8, 2008

Sorry, I still need a clearer example. Had to bump this one.

Minase Posted June 8, 2008

If my example wasn't clear enough, I don't know what can be.

ev5unleash (Author) Posted June 8, 2008

I get it now, thanks.

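An allowlist version of the token lookup suggested in the thread, using the /index.php?hp=... URL shape the original poster asked for. This is an added example, not code from any poster here; the entries in $pages and the resolve_page() helper are hypothetical names.

```php
<?php
// Added example: map a request token to a fixed file under homepage/.
// The $pages entries and resolve_page() are hypothetical names.

/**
 * Return the absolute path of the page to include, or null if the
 * token is not on the allowlist or the file is missing.
 */
function resolve_page($token, array $pages, $baseDir)
{
    // Arrays (?hp[]=x) and other non-strings are rejected outright.
    if (!is_string($token) || !isset($pages[$token])) {
        return null;
    }

    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $pages[$token]);

    // realpath() returns false for missing files; the prefix check
    // guards against an allowlist entry that is a symlink out of $base.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// User input only ever selects a key; it never becomes part of a path.
$pages = array(
    'welcome' => 'welcome.html',
    'games'   => 'games.php',
);

$token = isset($_GET['hp']) ? $_GET['hp'] : 'welcome';
$page  = resolve_page($token, $pages, __DIR__ . '/homepage');

if ($page === null) {
    header('HTTP/1.0 404 Not Found');
    echo 'Page not found';
    exit;
}
include $page;
```

Any value that is not a key in $pages gets the 404, whatever it contains.
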
This topic is now archived and is closed to further replies.