Say I have the following code:
$filename = $_GET['filename'] . '.csv';
$handle = @fopen($filename);
If you query for
fopen will try to gather the pdf file...
Rather use regex to validate
$_GET (you should always validate your input):
/(\.csv)$/g will help you validate whether the extension is