stop php cross-linking - help please


hornemans
09-17-2006, 07:38 PM
Need some help,

I have this code below on my index.php so that my main page can easily let all my other pages on the site work inside of the index.php. However, this also seemingly allows hackers to send spam email from my site using site cross-linking. Is there a simple change I can make in the code below, or perhaps a suggestion and a totally different code that will have the same effect, that would stop the site cross-linking or spam emails?

<?php
// $id is the ?id= value from the query string (register_globals)
if($id == "")
{ include "http://www.dragonballmaster.com/News/update.htm"; }
else
{ include "$id"; }
?>

Thanks for the help..

hornemans
09-17-2006, 08:11 PM
Here is how it is on my site:

My site links:
test 1 index.php?id=test1/index.html
test 2 index.php?id=test2/index.html
test 3 index.php?id=test3/index.html

These links work correctly with my original post code.

HOWEVER:

attackers post:

index.php?id=http://geocities.com/st0p212/enjoy.txt


With my code posted in my original post above, what do I need to change to stop these?

Can anyone provide me with some examples of different code or the minor changes I should make to my current code?

Thanks

Mwnciau
09-17-2006, 08:11 PM
maybe something like:

<?php
// Read the page id from the query string; default to '0' when it is missing
if (empty($_GET['id'])) {
    $id = '0';
} else {
    $id = $_GET['id'];
}
// Only the ids listed here are ever turned into an include
switch ($id) {
    case 0:
        include 'page.php';
        break;
    case 1:
        include 'page2.php';
        break;
}
?>

etc.

or:

// Stop if the id starts with http://, https://, ftp:// or www.
if (preg_match('/^((https?|ftp):\/\/|www\.)/i', $id)) {
    die();
}

hornemans
09-18-2006, 02:27 AM
maybe something like:

// Stop if the id starts with http://, https://, ftp:// or www.
if (preg_match('/^((https?|ftp):\/\/|www\.)/i', $id)) {
    die();
}


okay, so this way perhaps I can just include ALL pages from ONLY my domain... and block any other domains that try to use it? Because I have about 100 pages of content and including all the pages in the valid () eats up code?

Please give me as detailed examples as possible... <--- only beginner at Coding

hornemans
09-19-2006, 04:01 AM
Could someone give me more examples perhaps and different codes to use?

Mwnciau
09-19-2006, 07:32 AM
okay, so this way perhaps I can just include ALL pages from ONLY my domain... and block any other domains that try to use it? Because I have about 100 pages of content and including all the pages in the valid () eats up code?

Please give me as detailed examples as possible... <--- only beginner at Coding

This will block any ids that begin with http:// or www.

you could do:

// True when the id mentions your own domain
if (preg_match('/yourdomain\.com/is', $id)) {
    // id refers to your domain
}

GJay
09-19-2006, 08:33 AM
you really don't want to be directly including something passed from the user; it's much more sensible to use a whitelist, either an array of page names with in_array, a switch statement, or maybe a database (including content, if it's static...)
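A whitelist version of the index.php from the first post, written as an added example rather than code posted in this thread. It assumes the site's pages live under a pages/ directory next to index.php and that the id is read from $_GET instead of register_globals; the page names and paths are made up for the example.

```php
<?php
// Added example (not from the thread): only ids listed here are ever included.
// Assumed layout: index.php and a pages/ directory side by side.
$pages = array(
    'home'  => 'pages/update.htm',
    'test1' => 'pages/test1/index.html',
    'test2' => 'pages/test2/index.html',
    'test3' => 'pages/test3/index.html',
);

$id = isset($_GET['id']) ? $_GET['id'] : 'home';

// The request is only ever used as a lookup key into $pages, so a value such
// as http://geocities.com/... or ../../etc/passwd can never reach include().
// is_string() guards against ?id[]=... turning the value into an array.
if (!is_string($id) || !array_key_exists($id, $pages)) {
    $id = 'home';
}

$file = dirname(__FILE__) . '/' . $pages[$id];

// Defence in depth: refuse anything that does not resolve to a real file
// inside this script's directory, even if the whitelist is edited carelessly
// later on.
$real = realpath($file);
$base = realpath(dirname(__FILE__));
if ($real === false || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
    header('HTTP/1.0 404 Not Found');
    exit('Page not found');
}

include $real;
?>
```

Links then stay in the existing form (index.php?id=test1), while any id not in the array simply shows the home page.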