What are the potential security risks associated with passing extra parameters in a GET request in PHP?
Extra parameters in a GET request travel in the URL, so whatever they carry ends up in browser history, proxy and web-server access logs, and the Referer header sent to other sites; sensitive values such as tokens or personal identifiers should therefore not be passed that way. Parameters the endpoint did not design for are also attacker-controlled input: if your code reads them and splices them into a SQL query or echoes them into a page, they can lead to SQL injection, cross-site scripting (XSS), or other attacks. The mitigation is to accept only the parameters you expect, validate each one against its expected type and format, pass values to the database through prepared statements rather than string concatenation, and encode them with htmlspecialchars() when reflecting them into HTML.
// Read only the expected GET parameters; missing ones default to ''.
// FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and would also strip tags and
// encode quotes, silently changing the value. Validate instead of mangling: check
// type and length, and let the prepared statement handle quoting.
$param1 = $_GET['param1'] ?? '';
$param2 = $_GET['param2'] ?? '';
if (!is_string($param1) || !is_string($param2)   // ?param1[]=x would yield an array
    || strlen($param1) > 64 || strlen($param2) > 64) {
    http_response_code(400);
    exit('Invalid parameters');
}
// Use the validated parameters in your code, for example in a database query.
// Values are bound as data, so SQL syntax inside them is never executed.
$stmt = $pdo->prepare("SELECT * FROM table WHERE column1 = :param1 AND column2 = :param2");
$stmt->bindValue(':param1', $param1, PDO::PARAM_STR);
$stmt->bindValue(':param2', $param2, PDO::PARAM_STR);
$stmt->execute();
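The following is an added example, not code from the original answer. It contrasts a query built by string concatenation with the parameterised form, shows how an endpoint can allowlist the GET parameters it expects and ignore extras, and encodes a reflected value at output time. The `users` table, its rows, and the simulated query string are constructed for the demo; it uses an in-memory SQLite database so it runs offline with `php example.php`.

```php
<?php
// Added example (not from the original answer). Assumed: a `users` table with
// constructed rows, and a simulated $_GET array. Runs offline against SQLite.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)');
$pdo->exec("INSERT INTO users (username, role) VALUES ('alice', 'user'), ('bob', 'admin')");

// Constructed query string: an injected value plus an extra key the endpoint
// never asked for. In a real request this array would be $_GET.
$get = [
    'username' => "x' OR '1'='1",
    'debug'    => '1',
];

// 1. Vulnerable: the value is spliced into SQL, so the quote breaks out of the literal.
function findUserVulnerable(PDO $pdo, string $username): array
{
    $sql = "SELECT username, role FROM users WHERE username = '$username'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 2. Hardened: only expected keys are accepted, the value is validated against an
//    allowlist pattern, and it is bound as data so SQL syntax inside it is inert.
function findUserSafe(PDO $pdo, array $get): array
{
    $allowed    = ['username'];
    $unexpected = array_diff(array_keys($get), $allowed);
    if ($unexpected !== []) {
        // Log and ignore (or reject) keys you did not design for; they are a
        // common vector for parameter pollution and mass-assignment bugs.
        error_log('Ignoring unexpected GET parameters: ' . implode(',', $unexpected));
    }
    $username = $get['username'] ?? '';
    // ?username[]=x would arrive as an array; reject anything that is not a
    // short identifier-like string.
    if (!is_string($username) || !preg_match('/^[a-z0-9_]{1,32}$/', $username)) {
        return []; // in a web handler: http_response_code(400) and stop
    }
    $stmt = $pdo->prepare('SELECT username, role FROM users WHERE username = :username');
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$leaked = findUserVulnerable($pdo, $get['username']);
echo 'Vulnerable query returned ' . count($leaked) . " rows (every user)\n";

$safe = findUserSafe($pdo, $get);
echo 'Hardened query returned ' . count($safe) . " rows (injected value rejected)\n";

// 3. When a parameter is reflected into HTML, encode it at output time (XSS).
$reflected = is_string($get['username']) ? $get['username'] : '';
echo '<p>No results for ' . htmlspecialchars($reflected, ENT_QUOTES | ENT_HTML5, 'UTF-8') . "</p>\n";
```

The vulnerable function returns both rows because `'1'='1'` is always true once the quote escapes the literal; the hardened function never reaches the database with that value because the allowlist pattern rejects it, and even a value that passed the pattern would be bound as a string rather than interpreted as SQL. The `is_string` checks matter in PHP 8, where passing an array from `?username[]=x` into `preg_match` or `strlen` throws a TypeError instead of failing closed.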