Add a function to totally escape params for Db::parseParam

[Anubarak]

When you want to search for certain Elements via ID passed by URL parameter you always have to use a custom where condition. This can be especially annoying after the field suffix change in case we want to find an element based on a unique custom field value.

It would be awesome if there was a way to escape all parameters and just use

$id = // get the id from somewhere
Element::find()->id(Db::escapeEverything($id))->one();

I know there are functions like escapeParam and escapeCommas but those won't catch things like :notempty: It would be awesome to have one single function that will escape all and everything and just use the raw single value that is passed and compare it against the DB and if users use :notempty: it will directly search in Db against the value :notempty:.

Maybe that was your entire point with this function as your literal twig filter might claim this
"Escapes an untrusted string for use with element query params." However it misses :empty: and :notempty: not sure if this is on purpose.

[brandonkelly]

Just updated Db::escapeParam() to escape :empty: and :notempty: values, and Db::parseParam() also respects those escaped values, for Craft 4.4 (via #12697).

[Anubarak]

Thank you very much 👍

[brandonkelly]

4.4 is out!