$val) { if (strpos(htmlspecialchars($val), ".php") === false) { $csf .= ($before . htmlspecialchars($val)); $before = " "; } } } passthru($csf . "'"); exit; ?>