Thread: PHP Help
11-21-2005, 10:26 PM
#7
jared

Well, the method I posted works and is used by the firm I used to work for. It is perfectly secure if you know how to use it.

The case statement is good but when you are dealing with a template and you have over 50 pages it becomes a bit clumsy.


> I wouldn't use the above method to be honest.
>
> As - though I haven't tested - if someone put
> http://domain.com/something.php?id=...kerurl.com/page
> and the above code would just add the ".php" to it and "voilà" someone can include some exploitable code.
This will not work. Since when do includes work with remote websites?
Try and do include("www.yourdomain.com/honoes.php") and see what happens. Nothing.

Like I said, if you are smart this script is perfectly secure. But by smart, I mean you have to know what files should be protected by .htaccess (admin files).

Either way the case statement will work fine, but imho this is more efficient.
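
An added example, not part of the original post or of any code posted in this thread: one way to keep the `?id=` template approach discussed here without a 50-branch case statement is to resolve the parameter only against files that actually exist in a dedicated pages directory. The function name `resolve_page`, the `pages` directory layout and the sample ids are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper and directory layout, not code from the thread.

/**
 * Map a user-supplied ?id= value to a file directly inside $pagesDir, or return null.
 */
function resolve_page(string $id, string $pagesDir): ?string
{
    // Accept only short names made of letters, digits, underscore and hyphen.
    // URLs, "../", dots and null bytes are rejected before the filesystem is touched.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $id)) {
        return null;
    }
    $base = realpath($pagesDir);
    $path = realpath($pagesDir . DIRECTORY_SEPARATOR . $id . '.php');
    if ($base === false || $path === false) {
        return null; // pages directory or requested page does not exist
    }
    // Defence in depth: the resolved file must sit directly inside the pages
    // directory (catches symlinks that point somewhere else, e.g. admin files).
    if (dirname($path) !== $base) {
        return null;
    }
    return $path;
}

// Constructed demo: build a throwaway pages directory and try several ids.
$pages = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_demo_' . getmypid();
mkdir($pages);
file_put_contents($pages . DIRECTORY_SEPARATOR . 'home.php', "<?php echo 'home page';\n");

$samples = ['home', 'missing', '../admin/index', 'http://example.invalid/page', "home\0"];
foreach ($samples as $id) {
    $file = resolve_page($id, $pages);
    $result = $file === null ? 'rejected (serve 404)' : 'include ' . basename($file);
    printf("%-34s => %s\n", json_encode($id), $result);
}

// In the template, the call site would look like this:
//   $file = resolve_page($_GET['id'] ?? 'home', __DIR__ . '/pages');
//   if ($file === null) { http_response_code(404); $file = __DIR__ . '/pages/404.php'; }
//   include $file;

unlink($pages . DIRECTORY_SEPARATOR . 'home.php');
rmdir($pages);
```

Adding a page then means dropping a file into the pages directory, and admin scripts stay unreachable through the template as long as they live outside it.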