security - Why the restricting URI characters in the config file? -

i using clean url search. if user types single quote says disallowed uri character. , know how enable character appearing in url. want know security vulnerabilities on allowing characters braces, quotes , others?

i want know means explanation or external references.

i assuming talking "query string" part of url, if framework disallowing characters prevent sql inject sort of attacks in code may end using query string values construct sql query , boom, application sql injected.