eh, i'm sorry if my post harms you. i didn't mean page= whatever is based on your above script. it's another case as with query string act=whatever is another case of hacking attempt via http request to local system function call. although i think that such attempt is worth trying, i try to propose that php paranoia isn't something worth considering too much. the team always do the best to build php including its security. at any case a "very common" bug is revealed (if it's truly bug) and security holes exposed, php snapshot is published immediately for all php users.
so sorry, i'm just php noob.
