this exploit won't work. the myadmindir variable is set before any GET variables are processed. sanitation is performed in the previous file.