Use _encodeStringElement for string encoding

Replace direct Uri.encodeComponent calls with a centralized _encodeStringElement in QueryBuilder string-handling methods (whereStartsWith, whereEqualTo, whereNotEqualTo, whereContains, and search) to ensure quotes and backslashes are JSON-escaped correctly when building queries. Add a unit test to verify percent-encoded sequences (%5C%22 and %5C%5C) appear in the built query and that raw `"`/`\` do not, preventing invalid JSON after server URL-decoding.

Author: AdrianCurtin

packages/dart/lib/src/network/parse_query.dart

@@ -129,7 +129,7 @@ class QueryBuilder<T extends ParseObject> {
     String prefix, {
     bool caseSensitive = false,
   }) {
-    prefix = Uri.encodeComponent(prefix);
+    prefix = _encodeStringElement(prefix);
 
     if (caseSensitive) {
       queries.add(
@@ -155,7 +155,7 @@ class QueryBuilder<T extends ParseObject> {
     String prefix, {
     bool caseSensitive = false,
   }) {
-    prefix = Uri.encodeComponent(prefix);
+    prefix = _encodeStringElement(prefix);
 
     if (caseSensitive) {
       queries.add(
@@ -178,7 +178,7 @@ class QueryBuilder<T extends ParseObject> {
   /// to be equal to the provided [value]
   void whereEqualTo(String column, dynamic value) {
     if (value is String) {
-      value = Uri.encodeComponent(value);
+      value = _encodeStringElement(value);
     }
 
     queries.add(
@@ -237,7 +237,7 @@ class QueryBuilder<T extends ParseObject> {
   /// to be not equal to the provided [value]
   void whereNotEqualTo(String column, dynamic value) {
     if (value is String) {
-      value = Uri.encodeComponent(value);
+      value = _encodeStringElement(value);
     }
 
     queries.add(
@@ -356,7 +356,7 @@ class QueryBuilder<T extends ParseObject> {
     String substring, {
     bool caseSensitive = false,
   }) {
-    substring = Uri.encodeComponent(substring);
+    substring = _encodeStringElement(substring);
 
     if (caseSensitive) {
       queries.add(
@@ -385,7 +385,7 @@ class QueryBuilder<T extends ParseObject> {
     bool orderByScore = true,
     bool diacriticSensitive = false,
   }) {
-    searchTerm = Uri.encodeComponent(searchTerm);
+    searchTerm = _encodeStringElement(searchTerm);
 
     queries.add(
       MapEntry<String, dynamic>(

packages/dart/test/src/network/parse_query_test.dart

@@ -757,5 +757,29 @@ void main() {
       final queryString = queryBuilder.buildQuery();
       expect(queryString, contains('"\$in":[1,2,3]'));
     });
+
+    test(
+        'scalar where methods JSON-escape quotes and backslashes in String values',
+        () {
+      final queryBuilder = QueryBuilder.name('Diet_Plans');
+
+      queryBuilder.whereEqualTo('title', 'He said "hi"');
+      queryBuilder.whereNotEqualTo('note', r'C:\path');
+      queryBuilder.whereStartsWith('name', 'quote"prefix');
+      queryBuilder.whereContains('body', r'back\slash');
+
+      final queryString = queryBuilder.buildQuery();
+
+      // `"` and `\` must come through percent-encoded as `\"` / `\\` so the
+      // JSON stays valid after the server URL-decodes the query.
+      expect(queryString, contains('%5C%22'));
+      expect(queryString, contains('%5C%5C'));
+
+      // Raw `"` and `\` inside the values would break JSON parsing.
+      expect(queryString.contains('"He said "hi""'), isFalse);
+      expect(queryString.contains(r'C:\path'), isFalse);
+      expect(queryString.contains('quote"prefix'), isFalse);
+      expect(queryString.contains(r'back\slash'), isFalse);
+    });
   });
 }