if(isset($_GET['p'])){
    $id1 = $_GET['p'];
    $pattern = '/[^a-zA-z_-]/';
    $id = preg_replace($pattern, "", $id1);
    $id = $id1;
    //mysql get that page if it exists code...
    include("mysqli_connect.inc.php");
    $psql = "SELECT * FROM page_id WHERE id = " . $id . "";
    $result = $mysqli->query($psql);
    $page = $filesdir. "home.php";
    if($data = $result->fetch_array(MYSQLI_ASSOC)){
        $id = $data['id'];
        $file = $data['file'];
        if(file_exists($filesdir . $file)){
            $page = $filesdir . $file . "";
        }else{
            $page = $filesdir. "home.php";
        };
    }else{
        $page = $filesdir. "home.php";
    };
}else{
    $page = $filesdir. "home.php";
};
This big if should set $page to the page specified with $_GET['p'] as a number. So ?p=10 is okay but ?p=10a is not. The preg_replace should filter out everything that isn't a number and pass the result to $id. Then the script should try to get the page that is linked with the id and include it in the page via $page. If the number is not found in the database, the default page, home.php, will be used. If there is another error, home.php should be used too.
Short: use a number to get the page, on error display home.php.
I can't seem to get the preg_replace working...
John
Also, try the character class :digit:
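// eregi() was removed in PHP 7; preg_match() accepts the same POSIX class.
// \z anchors at the very end of the string, as the POSIX $ did.
if (preg_match('/^[[:digit:]]+\z/', $data))
{
    // number
}
else
{
    // not number
}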
dc
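Added example, not code from either post: the behaviour John describes (a numeric ?p= selects the page, anything else falls back to home.php), with strict digit validation and a bound query parameter instead of string concatenation. Assumptions: PDO with an in-memory SQLite database stands in for the mysqli connection, and the table rows, the $filesdir value and the function names parse_page_id() and resolve_page() are constructed for the demonstration.

```php
<?php
// Added example. Assumptions: SQLite in memory replaces the MySQL connection;
// rows, file names and $filesdir below are constructed sample data.

function parse_page_id($raw): ?int
{
    // Reject arrays (?p[]=1), empty strings, signs, spaces and letters.
    // \z (not $) so "10\n" fails; at most 9 digits so the value fits an int.
    if (!is_string($raw) || !preg_match('/^[0-9]{1,9}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

function resolve_page(PDO $db, $raw, string $filesdir): string
{
    $default = $filesdir . 'home.php';
    $id = parse_page_id($raw);
    if ($id === null) {
        return $default;
    }
    // The id is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT file FROM page_id WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $file = $stmt->fetchColumn();
    if (!is_string($file) || $file === '') {
        return $default;
    }
    // basename() keeps a stored value such as "../x.php" inside $filesdir.
    $path = $filesdir . basename($file);
    return is_file($path) ? $path : $default;
}

// Constructed sample data.
$filesdir = sys_get_temp_dir() . '/pages_demo/';
@mkdir($filesdir);
touch($filesdir . 'home.php');
touch($filesdir . 'about.php');

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE page_id (id INTEGER PRIMARY KEY, file TEXT)');
$db->exec("INSERT INTO page_id VALUES (10, 'about.php'), (11, 'missing.php')");

foreach (['10', '10a', ' 10', "10\n", '-1', '11', '99', ['10']] as $p) {
    echo json_encode($p), ' => ', basename(resolve_page($db, $p, $filesdir)), "\n";
}
```

Only '10' resolves to about.php; every other sample input, including the id whose file is missing on disk, resolves to home.php. With mysqli the same pattern is prepare(), bind_param('i', $id) and execute().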