Ishan Pandya wrote:As bear said,
Do some validation on the server side for checking the request parameter (Url parameters as you say) then if you find something wrong then send the user to error page.
According to my knowledge there is no such thing which can stop user to modify the request parameter or encode URL. If you find then please tell us here.
Bear Bibeault wrote:URL encoding has nothing to do with allowing or disallowing what can happen on the server. URL encoding is just the means that "special characters" such as &, space, and the like are encoded into the URL values.
What you need on the server is authentication and authorization so that users aren't allowed to do anything that they shouldn't be doing.