Okay, I asked for help with this a few months back. I wanna have pages in a navigation thing that will open the page within the middle of the site, kinda like an iframe but with PHP. I don't really like iframes and I'm trying to work with PHP now. However, I had a script a friend gave me, and it ended up getting me exploited, heh. Someone was able to run an XSS on me that allowed them to upload stuff to my server, so now I need something new to use.

Here's what I was using, but it got me hacked...

Code:
<?php 
if (!isset($_GET["link"])) include 'main.php';
else if(is_file($_GET["link"] . ".php") && $_GET["link"] !="index" ) include htmlspecialchars($_GET["link"] . ".php");
else include 'error.php';
?>
I need something like this but more secure. Or if anyone knows how to fix the above script, maybe show me how to fix it so it can't be exploited.
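
One way to write this include so the request value never becomes part of a file path, as an added example that is not part of the original post: the `link` value is used only as a lookup key into a fixed list of pages. `about` and `contact` are hypothetical page names and `resolve_page` is a hypothetical helper; `main.php` and `error.php` are the files named in the post.

```php
<?php
declare(strict_types=1);

// Fixed map of public page keys to files. Only these files can ever be
// included. 'about' and 'contact' are hypothetical; add the site's real pages.
// 'index' is deliberately absent, matching the original script's exclusion.
const PAGES = [
    'main'    => 'main.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Resolve the ?link= value to a file inside $baseDir, or to error.php.
 * The request value is compared against PAGES and is never concatenated
 * into the path, so slashes, dots, URLs or null bytes in it have no effect.
 */
function resolve_page($link, string $baseDir): string
{
    $error = $baseDir . '/error.php';

    // No parameter at all: show the default page, as the original script did.
    if ($link === null) {
        return $baseDir . '/' . PAGES['main'];
    }

    // ?link[]=x arrives as an array; anything that is not a listed string
    // key goes to the error page.
    if (!is_string($link) || !array_key_exists($link, PAGES)) {
        return $error;
    }

    // A listed page whose file is missing also falls back to the error page.
    $path = $baseDir . '/' . PAGES[$link];
    return is_file($path) ? $path : $error;
}

// __DIR__ anchors every include to this script's own directory instead of
// the working directory or include_path.
include resolve_page($_GET['link'] ?? null, __DIR__);
```

Keeping user-writable upload directories outside this map, and outside any directory the web server executes PHP from, means an uploaded file cannot be reached through this include.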