Forum Discussion
The method of escaping data is dictated by how you use said data.
If I want to dump it in HTML and it is user input, I need to escape HTML markup.
If I want to dump the data in JSON fields, I need to escape by JSON rules.
My question is: what escape mechanism should I use when I dump the input in liql?
My input can be a number, text, or HTML; it doesn't matter. All that matters to me is that the liql query is formed correctly. I know that liql only shows data you can see by enforcing rules, but consider the following use case.
I query if a user can see some content so I can enhance said content's body (this is outside the scope of server-side rendering and can only be done through an ajax call, so I cannot use anything like message / user info from the available contexts, because there aren't any).
If I then query by some custom identifier passed through an ajax parameter to see if he has permissions by dumping that into liql (checking if he has something returned by the query), I might end up in the following situation. If he adds a specific string that would change my query during the string concatenation to return something else he has rights to, then I can't tell if he should be allowed to see the fields or the target in the first place.
Even though the query returns data he is able to see, it may not be the info I am supposed to check against.
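The failure mode the post describes is classic query injection through string concatenation: the untrusted ajax parameter can change the shape of the query, so a non-empty result no longer proves anything about the intended target. The example below is added here and is not code from the post or from the platform; the table name, field name and query shape are assumptions for illustration, and it does not attempt to reproduce the platform's own escaping rules. It shows two defensive measures that do not depend on knowing those rules: validate the identifier against a strict allowlist before it ever reaches the query text, and check that the rows returned actually refer to the identifier that was requested rather than trusting "something came back".

```python
import re

# Assumed query template (illustration only): "can the current user see this message?"
QUERY_TEMPLATE = "SELECT id FROM messages WHERE id = '{message_id}'"

# Allowlist: on this hypothetical board a message id is 1 to 18 decimal digits.
# Anything else (quotes, spaces, operators, empty string) is rejected outright.
MESSAGE_ID_PATTERN = re.compile(r"[0-9]{1,18}")


def build_query_unsafe(message_id: str) -> str:
    """The pattern the post is worried about: raw concatenation, no validation."""
    return QUERY_TEMPLATE.format(message_id=message_id)


def build_query_validated(message_id: str) -> str:
    """Only interpolate the parameter after it matches the expected identifier shape."""
    if not isinstance(message_id, str) or MESSAGE_ID_PATTERN.fullmatch(message_id) is None:
        raise ValueError("message id must be 1-18 decimal digits")
    return QUERY_TEMPLATE.format(message_id=message_id)


def can_user_see(message_id: str, run_liql) -> bool:
    """Permission check: the query must be well formed AND the result must name the target.

    run_liql is a caller-supplied function taking the query text and returning a list
    of row dicts (constructed stand-in for the real query endpoint).
    """
    query = build_query_validated(message_id)
    rows = run_liql(query)
    # Do not treat "any row returned" as permission; require the requested id.
    return any(str(row.get("id")) == message_id for row in rows)


# Constructed stand-in for the query endpoint: the "visible" messages are fixed here.
VISIBLE_IDS = {"12345", "777"}


def fake_run_liql(query: str) -> list:
    match = re.search(r"id = '([^']*)'$", query)
    if match is None or match.group(1) not in VISIBLE_IDS:
        return []
    return [{"id": match.group(1)}]


if __name__ == "__main__":
    print(build_query_validated("12345"))
    print(can_user_see("12345", fake_run_liql))   # True: visible and matches the target
    print(can_user_see("999", fake_run_liql))     # False: nothing returned
    for bad in ("12 abc", "", "1'2"):
        try:
            build_query_validated(bad)
        except ValueError as exc:
            print(f"rejected {bad!r}: {exc}")
```

The allowlist is the primary control: once only digits can reach the template, the query's structure cannot be altered by the parameter. The second check in `can_user_see` is defence in depth for the exact concern in the post: even a result the user is entitled to see is not accepted unless it is the record that was asked about.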