I can see reasons for requiring non-alphanumeric characters in a password (even though the reasoning behind that might not be valid). But why the hell you would want to forbid using them, is beyond me. Still I've seen this in pretty many sites, even modern ones.
Maybe they don't have proper parametrized queries and are afraid of SQL injections :)
Maybe they don't have proper parametrized queries and are afraid of SQL injections :)