I learned a lot at Stackoverflow, it's my favorite programming website, and researching here I found the answers for many of my questions. Now that I've finished the code I need to know: does it have any security flaw?
It needs to get the domain name from the url in order to see if a var file containing that expression exists on the directory and output it's content. Your help is really appreciated!
Would be enough if I sanitize HTTP_HOST using htmlspecialchars and preg_replace? Using strip_tags would be overkill, no? Removing those special characters from the array is also redundant, don't you think?
Edit:
I'll alter the code and also add protection to the include files themselves. Many thanks!
