In my PDO study I came across the following: I have a URL like this: www.site.com/admin/index?dir=article/create
Since I created a function that removes .php from the files in the navigation, the URL above did not work.
So I decided to replace the "?" with "&" and remove the .php from the URL, thus:
www.site.com/admin/index&dir=article/create
and it worked: it searched the article folder for the create file and rendered it for me. How can this affect my site? Can security be compromised? Thanks for any feedback.
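
If the dir value is used to build the path of the file that gets rendered (an assumption, since the post does not show the routing code), the usual safeguard is to validate the value and confirm the resolved file stays inside one fixed pages directory. The following is an added example, not code from the original post; resolvePage() and the temporary pages directory are hypothetical names, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical resolver: maps a "dir" value such as "article/create"
// to a PHP file under one fixed pages directory, or returns null.
function resolvePage(string $dir, string $baseDir): ?string
{
    // Accept only simple path segments separated by single slashes.
    // This rejects dots, backslashes, NUL bytes, schemes and empty segments.
    if (!preg_match('#\A[a-z0-9_-]+(?:/[a-z0-9_-]+)*\z#', $dir)) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // The extension is appended by the server, never taken from the request.
    $target = realpath($base . DIRECTORY_SEPARATOR . $dir . '.php');
    if ($target === false || !is_file($target)) {
        return null;
    }

    // Containment check: after symlinks are resolved, the file must still
    // live below the base directory.
    if (strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo: build a temporary pages tree, then resolve some inputs.
$pages = sys_get_temp_dir() . '/pages_demo_' . bin2hex(random_bytes(4));
mkdir($pages . '/article', 0700, true);
file_put_contents($pages . '/article/create.php', "<?php echo 'create form';\n");

foreach (['article/create', 'article/missing', '../secret', 'article/create.php', ''] as $dir) {
    $file = resolvePage($dir, $pages);
    printf("%-22s => %s\n", var_export($dir, true), $file === null ? '404' : 'render ' . basename($file));
}

unlink($pages . '/article/create.php');
rmdir($pages . '/article');
rmdir($pages);
```

Only 'article/create' resolves to a file in this demo; every other input is answered with a 404 instead of being passed to include.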