There are many well-known security attacks based on the query string of an HTTP request (for example, the SQL injection attack). Always rigorously validate the parameters contained in the query string. If you use the values without validation, a well-known security hole is open.