Add a check for php files, or any other files you don't want anybody to include:but what about '?' and '#' additions?
if(ereg('php[0-9]$', $id))
goaway;
$id="however_they_would_find_out/your_path/file.php?extra=x#loc"; ?
so maybe
if(ereg('\.php', $id)) ?
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php