The current Text
parameter type is very useful, but it is not secure & does not work seamlessly if the filter text contains a single-quote.
I propose that redash should support a new parameter type “escaped-text” which would escape any single-quotes passed through the parameter.
For instance, I can not create a report allowing users to filter on addresses, because the apostrophe is common in french addresses. To overcome this, we filter on a “sanitized” address column, but it would be a lot more intuitive to the end user to be able to put in whatever text the situation requires.