That code is wrong; these paths will get through it:
Code:
../../.././settings.ini
\\server\share\settings.ini
This just shows how difficult it is to secure things properly. So it might just be a better idea to actually use SQLite.
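An added example, not part of the original post and not the code it criticises (which is not shown here): a containment check that rejects both paths above by resolving the input against a base directory instead of filtering the string. The names `safe_join` and `UnsafePath` and the base directory are hypothetical.

```python
import ntpath
import os
import posixpath
import tempfile


class UnsafePath(ValueError):
    """Raised when a user-supplied path would leave the base directory."""


def safe_join(base_dir, user_path):
    """Return the absolute path of user_path inside base_dir, or raise UnsafePath."""
    if not user_path or "\x00" in user_path:
        raise UnsafePath("empty path or embedded NUL")

    # Judge the input under both Windows and POSIX rules, whatever OS we run on.
    drive, _ = ntpath.splitdrive(user_path)  # "C:" or "\\server\share"
    if drive or ntpath.isabs(user_path) or posixpath.isabs(user_path):
        raise UnsafePath("absolute, drive-qualified or UNC path")

    # Treat both separators as separators, then resolve "..", "." and symlinks.
    relative = user_path.replace("\\", "/")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, *relative.split("/")))

    # Containment is decided on the resolved path, not on the input string.
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePath("path resolves outside the base directory")
    return candidate


if __name__ == "__main__":
    base = tempfile.mkdtemp()  # stand-in for the application's data directory
    # The two paths from the post, plus one legitimate name for comparison.
    samples = ["../../.././settings.ini", r"\\server\share\settings.ini", "settings.ini"]
    for sample in samples:
        try:
            print("allowed ", sample, "->", safe_join(base, sample))
        except UnsafePath as exc:
            print("rejected", sample, "->", exc)
```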