Because a user can pass a variable and value via the address bar,
for example:
http://www.xxxxxx.com?auth=1&name=username;

I think it is a big problem in security because it can assign all variables?

Recently, I learned that we can access and edit files on all servers that use IIS (only IIS, not Apache or others), by a query instruction after the address bar. I don't know this instruction but I have seen it before. It is a long instruction. My friend can do it but he doesn't tell me.

If someone knows about this problem, please explain in more detail how it is done and how to prevent it, especially how to prevent users from typing commands or variables after the URL of a website.