best way to secure this

We have a few customers on our servers who use code similar to this:

PHP Code:
<?php
if (isset($x)) {
    include($x);
} else {
    include('main.htm');
}
?>
However, this unfortunately appears to allow anyone to craft a URL to pass system commands to the server, by setting x= to whatever they want.

What's the best way to secure against that? Is there any way to secure against it short of changing the code?
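An added example, not part of the original post: the snippet above rewritten so that the `x` parameter can only select files from a fixed allowlist. The `pages` directory and the file names other than `main.htm` are hypothetical; existing URLs of the form `?x=about.htm` keep working.

```php
<?php
// Added example: allowlist-based replacement for include($x).
// PAGE_DIR and the file names below are assumptions for illustration.

const PAGE_DIR = __DIR__ . '/pages';
const DEFAULT_PAGE = 'main.htm';

// Only these files may ever be included, whatever the request says.
const ALLOWED_PAGES = ['main.htm', 'about.htm', 'contact.htm'];

/**
 * Map an untrusted request value to a file that is safe to include.
 * Anything that is not an exact allowlist match falls back to the default,
 * so URLs, absolute paths, "../" sequences and arrays are all rejected.
 */
function resolve_page($requested): string
{
    $default = PAGE_DIR . '/' . DEFAULT_PAGE;

    if (!is_string($requested) || !in_array($requested, ALLOWED_PAGES, true)) {
        return $default;
    }

    // Defence in depth: after resolving symlinks, the file must still
    // live directly under PAGE_DIR.
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . $requested);
    if ($base === false || $path === false) {
        return $default;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return $default;
    }

    return $path;
}

// Read the parameter explicitly instead of relying on register_globals.
include resolve_page($_GET['x'] ?? null);
```

On the server side, the `php.ini` directives `allow_url_include = Off` and `open_basedir` narrow what an unmodified `include($x)` can reach, and `register_globals = Off` stops `x=` in the URL from populating `$x` at all (the customer's page would then always show `main.htm`). These settings reduce exposure but do not remove the local file inclusion that the original code permits.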