I will withhold most of my commentary on the risks of executing any file that is passed as a url argument, but I’ll say a couple things. I agree that it is indeed risky, and I would suggest implementing a switch statement so that only certain files can be executed based on predetermined values that you decide are permissible.
If you have so many files that this is not feasible, perhaps you should step back and reconsider what you’re trying to accomplish. It would seem to me that you’d be duplicating a lot of repetitive code like header and footer files.
With that out of the way I’ll go on to say that what you’re describing seems to me like a simple 404 page. You want to show a certain page when the requested document is unavailable. This is easily accomplished by putting a couple things in a .htaccess file. You could try something like this:
deny from all
ErrorDocument 400 /error.php
ErrorDocument 401 /error.php
ErrorDocument 403 /error.php
ErrorDocument 404 /sorry.php
ErrorDocument 500 /error.php