// Only pages named in the allow-list may be included.
$allowed = ['overview', 'reviews', 'cast'];
$page = $_GET['page'] ?? '';
if (in_array($page, $allowed, true)) {
    include $page . '.php';
}
If movie.php allows image uploads without checking file types, a hacker might upload a .php shell.
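One way to close that gap, as an added example that is not code from movie.php: the function name `store_uploaded_image`, the accepted type list, the 2 MiB limit, the `poster` field and the `uploads` directory are all assumptions made for illustration.

```php
<?php
// Added example (hypothetical helper, not part of movie.php).
// Accepted content types, mapped to the extension the server will store them under.
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate one entry of $_FILES and move it into $destDir.
 * Returns the stored file name, or null if the upload is rejected.
 */
function store_uploaded_image(array $file, string $destDir, int $maxBytes = 2097152): ?string
{
    // Reject failed uploads, files that did not arrive via HTTP POST, and oversized files.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > $maxBytes) {
        return null;
    }

    // Decide the type from the file's content, never from the client-supplied
    // name or $file['type'], both of which the uploader controls.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        return null;
    }

    // The content must also parse as an image.
    if (@getimagesize($file['tmp_name']) === false) {
        return null;
    }

    // Server-chosen name and extension: the original name (e.g. "x.php") is discarded.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        return null;
    }
    return $name;
}

// Usage (field name and directory are assumptions):
// $stored = store_uploaded_image($_FILES['poster'], __DIR__ . '/uploads');
```

Content checks alone can be satisfied by a file that is both a valid image and contains PHP, so the upload directory should also be configured so the web server never executes scripts from it.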
To make the "movie/movie.php" script more engaging and user-friendly, several features could be added: