Check out modsecurity.org for a good explanation.
http://modsecurity.org/documentation/index.html is good too.
good article I found on their page:
http://www.hackinthebox.org/article.php?sid=12867
The idea is to watch for these patterns in url injections (be they post or get) so as to prevent kiddies from running unix like or php commands or injecting php commands into your code or client's code.