One way is to define an array of allowed parameters, and if $_GET['view'] matches, then proceed.
PHP Code:
<?php
/* This script:
gets the ?view param
checks them against an array of allowed values
if there is a match, run the include line.
else, display a file of your choice/do what you wish
*/
$view = trim($_GET['view']); // remove extra spaces and so on..
// here is the array of allowed pages
$allow = array("home.php", "faq.php", "images.php", "blah.php");
// check for match
if(in_array($view, $allow)
{
include($view);
}
else
{
include("defaultpage.php"); // you could use $array[0] for home.php
// or you could echo "Baf user! etc..
}
?>
Hope that helps.