View file read.php

<?php
include 'inc/db.php';
include 'inc/1.php';
if (!$user)header("Location: /aut.php");
$id=intval($_GET['id']);
$file=mysql_fetch_assoc(mysql_query("SELECT * FROM `obmen` WHERE `id` = '$id'"));
$name=htmlspecialchars($file['name']);
$ras=htmlspecialchars($file['ras']);
if ($ras!='txt')header("Location: /file.php?id=$id");
echo "<div class='p0'>";
echo nl2br(htmlspecialchars(file_get_contents("obmen/".$id.".file")));
echo "</div>";
include 'inc/foot.php';
?>