I've thought about it some more - in the shower. We must not support parameters for QL that do not offer it or we would face the security risk of (S)QL injection. The only safe solution is to have a proper parser for that QL or a safe way to escape any input according to the QL rules.