I have the common used function php get to include a file and display it as a page like this
index.php?F=contact
<?php
$file=$_GET['F'];
include('the_files/'.$file.'.php');
?>
This will display file contact.php
Because of security I want to filter the
$file=$_GET['F'];
with some kind of code so only text without simbols without slashes will get in the INCLUDE
I tried with
<?php
$clean_file=mysqli_real_escape_string($clean_file,$_GET['F']);
include('the_files/'.$clean.'.php');
?>
But it seems like this is only to clean MySQLi...
Any idea how to do that?