Question

I am using clean URLs for search. If the user types a single quote, it says "disallowed URI character". I know how to enable a character so that it can appear in the URL. I want to know the security vulnerabilities of allowing certain characters like braces, quotes and others.

I want to know this by any means like explanation or external references.

Solution

I am assuming you are talking about the "query string" part of the URL. If that is so, then your framework is probably disallowing those characters to prevent SQL injection sort of attacks: in your code you may end up using those query string values to construct a SQL query and, boom, your application is SQL injected.
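An added example, not part of the original answer: the pattern the answer warns about (a URL value pasted into SQL text) beside the bound-parameter form, run against a search term containing a single quote. The `people` table, the function names and the in-memory SQLite database are assumptions made for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO people (name) VALUES (?)",
                   [("O'Brien",), ("Smith",)])
    return db


def search_concat(db, term):
    """'Before' pattern: the URL value becomes part of the SQL text,
    so a quote in the value changes how the statement is parsed."""
    sql = "SELECT name FROM people WHERE name = '" + term + "'"
    return [row[0] for row in db.execute(sql)]


def search_bound(db, term):
    """Hardened pattern: the value is bound as a parameter and is
    never parsed as SQL, whatever characters it contains."""
    sql = "SELECT name FROM people WHERE name = ?"
    return [row[0] for row in db.execute(sql, (term,))]


def check(term):
    """Run both forms on the same term and report what each one does."""
    db = make_db()
    try:
        concat = search_concat(db, term)
    except sqlite3.Error as exc:
        concat = "error: " + type(exc).__name__
    return concat, search_bound(db, term)


if __name__ == "__main__":
    for term in ("Smith", "O'Brien"):
        print(repr(term), "->", check(term))
```

With bound parameters the quote is ordinary data, so whether the URL filter allows the character no longer decides whether the query is safe.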

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow