security problem

first hi all whast up ?!!!!!!
second sorry for my englisht is not my mother language
i`m new in PHP programmng and i have problem with RFI (Remote Fle Inclusion)
exemple

index.php

Code:

<?php 
$i= "index2"; 
include("index1.php"); 
$b="1"; 
$p= $b + $d; 
echo $p; 
?>

index1php

Code:

<?php 
$f="4"; 
include($i.".php"); 
$d= $f + $s ; 
?>

index2php

Code:

<?php 
$s="5"; 
?>

it cen be exploit in this way
http://www.site.com/index1.php?i=[phpshell_pth]?
i wont to stop RFI
how can I

 

You can check the referrer to grant/deny the file inclusion!

 

Note that 'HTTP_REFERER' is set by the user agent, if at all, and can't be trusted. Rely on your server and its permission mechanisms.

 

i think there's a small solution using eregi()
you can make a small filter for "." & "/"