SQL Escape / Unescape

Safely quote string literals for ANSI, MySQL, or PostgreSQL — and reverse it.

DialectWrap in 'quotes'

Raw string

Safe SQL literal

'O''Reilly
Line 2 with \ backslash'

What we escape

' single quote — doubled to '' (SQL standard)
\ backslash — for engines that treat it as an escape (MySQL default)
Control characters — \0 \n \r \t \b for MySQL strings

Use a parameterized query when you can

String escaping is a last resort. Parameter binding (?, $1, :name) is safer because the driver handles types and never inlines values into the SQL text.

Python String Escape / UnescapeEscape arbitrary text to a Python string literal — \x, \u, \U, octal — or decode one back to raw text.
Escape / UnescapeEscape or unescape strings for JSON, JavaScript, HTML attribute, XML, and SQL contexts.
AES Encrypt / DecryptEncrypt or decrypt text with AES-GCM, deriving a key from a passphrase via PBKDF2 — all in your browser.
Base64 Encoder / DecoderEncode or decode Base64 strings instantly.

What we escape

Use a parameterized query when you can

You might also like