As a follow-up to his previous entry about the "crap" tutorial for easy page navigation from DeveloperTutorials, Cyberlot has posted his own, more secure tutorial on the same topic - accessing content pages.
In my opinion, when it comes to using includes of any type, using a user-inputted string directly should always be avoided. Think of it this way: even if you filter the string using regex to only allow alphanumeric characters, what happens when there is an exploit in regex?
This may be a little paranoid, but think about it: any function that allows "system" access should be treated with an extra layer of respect, this being one of them.
In my previous entry you saw how a "tutorial" showed a nice insecure way of accessing content pages. What about a more secure way?
He actually gives two different methods for doing it, both more secure than the DeveloperTutorials example - using a switch with keywords instead of just putting the variable into the filename, and using a "valid array" to compare the request against...
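
The two approaches named above, sketched as an added example (this is not Cyberlot's code; the page keywords, file paths and function names are hypothetical). In both, the request value only selects an entry, and the path handed to `include` always comes from the script itself:

```php
<?php
// Hypothetical keyword => file table, constructed for this example.
const PAGES = [
    'home'    => 'pages/home.php',
    'about'   => 'pages/about.php',
    'contact' => 'pages/contact.php',
];

// "Valid array": the request is only ever used as a lookup key.
function resolve_by_array($requested)
{
    // $_GET values can be arrays (?page[]=x), so require a string first.
    if (is_string($requested) && array_key_exists($requested, PAGES)) {
        return PAGES[$requested];
    }
    return PAGES['home']; // anything unknown falls back to a fixed page
}

// Switch with keywords: every reachable path is a literal in the code.
function resolve_by_switch($requested)
{
    if (!is_string($requested)) {
        return 'pages/home.php'; // avoid loose comparison against non-strings
    }
    switch ($requested) {
        case 'about':
            return 'pages/about.php';
        case 'contact':
            return 'pages/contact.php';
        default:
            return 'pages/home.php';
    }
}

// Constructed sample requests: one valid keyword, one unknown keyword,
// one path-like string and one array-valued parameter.
$samples = ['about', 'nosuchpage', '../config', ['about']];
foreach ($samples as $sample) {
    printf(
        "%-14s array=%-18s switch=%s\n",
        json_encode($sample),
        resolve_by_array($sample),
        resolve_by_switch($sample)
    );
}

// In a real front controller the resolved path would then be included:
// include resolve_by_array($_GET['page'] ?? 'home');
```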




