QIE methods like evaluateTemplate, doQuery, doConditionQuery, doSelectQuery, doUpdateQuery, and callStoredProcedure can use node tags (see: What is a nodetag?)
Normally the braces indicate the presence of a node tag. When a proper node tag is found the node tag is replaced by the data that the node tag references. If curly braces are found that are not valid node tags, they are removed. To prevent curly braces from being removed they need to be converted to numeric character references.
Replace { with { and } with }
Another way to deal with curly braces when working with database apis is to use parameterized queries.
For specific examples see these questions:
How to escape templates so script blocks and date literals are not stripped when calling evaluateTemplate or doQuery?
How can I update a database field that contains curly brackets {} in the content?
How to escape curly braces when calling stored procedures?
Also see:
https://en.wikipedia.org/wiki/Numeric_character_reference
