html_escaping = {
    "<": "&lt;",
    ">": "&gt;",
    "\"": "&quot;"
}



def decode_url(url):
    i = 0
    end = len(url)

    decode_buffer = ''
    char_buffer = bytearray()

    while i < end:
        if url[i] == '%':
            try:
                char_buffer.append(int(f'0x{url[i+1:i+3]}', 16))
                decode_buffer += char_buffer.decode("UTF-8")
                del char_buffer[:]
                i += 3
            except:
                i += 3
        elif url[i] == "+":
            decode_buffer += " "
            i += 1
        else:
            decode_buffer += url[i]
            i += 1

    return decode_buffer

def parse_query(query):
    query_items = [i for i in query.split("&") if i]

    query_dict = {}
    for i in query_items:
        k, v = i.split("=")
        query_dict[decode_url(k)] = decode_url(v)

    return query_dict

def escape_sql_string(s):
    return s.replace("'", "''")

def escape_html(s):
    for k, v in html_escaping.items():
        s = s.replace(k, v)

    return s