perf(urlencoded): optimize parameter counting for better memory efficiency

The previous implementation used �ody.split('&') which always
processed the entire request body and allocated a full array,
regardless of the parameter limit.

The new implementation:
- Counts '&' characters iteratively without array allocation
- Exits immediately when the limit is reached
- Handles edge case of empty/null body
- Reduces time complexity from O(n) worst-case always to O(min(n, limit))

This particularly improves resilience against malicious requests
with thousands of parameters attempting to exhaust server resources

Author: Ayoub-Mabrouk

lib/types/urlencoded.js

@@ -131,7 +131,12 @@ function createQueryParser (options) {
  */
 
 function parameterCount (body, limit) {
-  var len = body.split('&').length
+  let count = 0
+  for (const char of body) {
+    if (char === '&') {
+      if (++count >= limit) return undefined
+    }
+  }
 
-  return len > limit ? undefined : len - 1
+  return count
 }

test/urlencoded.js

@@ -466,6 +466,14 @@ describe('bodyParser.urlencoded()', function () {
   })
 
   describe('with parameterLimit option', function () {
+    it('should handle empty body with parameterLimit', function (done) {
+      request(createServer({ parameterLimit: 10 }))
+        .post('/')
+        .set('Content-Type', 'application/x-www-form-urlencoded')
+        .send('')
+        .expect(200, '{}', done)
+    })
+
     describe('with extended: false', function () {
       it('should reject 0', function () {
         assert.throws(createServer.bind(null, { extended: false, parameterLimit: 0 }),