Anand84 from what I understand example.com/keyword-here/?q=spam-keyword should be
example.com/keyword-here?q=spam-keyword ( without the / after the first keyword-here )
Not quite, example.com/keyword-here/?q=spam-keyword should be example.com/keyword-here. When you have the problem is when someone pastes example.com/keyword-here?spam-here and they get the page example.com/keyword-here BUT with url in the address bar still as example.com/keyword-here?spam-here
OR your original page as example.com/product-title-1234.html and you can access it also by example.com/product-title-1234.html?spam-words, you've got a problem, basically ? question mark enables any parameters added and still resolves to a correct page. Millions of sites have this problem, add ?whatever to the end of thread pages on many large forums and you'll see! As long as the injection (the different URL) is not posted on the site itself, G* knows how to deal with it I guess, it's out of your control.