SQL Escape / Unescape
Safely quote string literals for ANSI, MySQL, or PostgreSQL — and reverse it.
Safe SQL literal
</>Use this tool programmaticallycurl · JavaScript · MCP
Same tool, callable from any HTTP client or from Claude (via MCP). Anonymous: 100 req/day per IP. Sign up for 1,000 req/day.
curl
curl https://api.b-e-a-d.com/tools/sql-escape/run \
-H "Content-Type: application/json" \
-d '{
"mode": "escape",
"dialect": "ansi",
"input": "your input here",
"wrapInQuotes": true
}'JavaScript (fetch)
const res = await fetch("https://api.b-e-a-d.com/tools/sql-escape/run", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
"mode": "escape",
"dialect": "ansi",
"input": "your input here",
"wrapInQuotes": true
}),
});
const data = await res.json();
console.log(data.result);MCP (Claude Desktop / Claude Code)
# In Claude Desktop / Claude Code, add to your MCP config:
{
"mcpServers": {
"bead": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://mcp.b-e-a-d.com"]
}
}
}
# Then ask Claude to call:
mcp__bead__bead_sql_escapeFull reference: developer docs · OpenAPI spec
What we escape
'single quote — doubled to''(SQL standard)\backslash — for engines that treat it as an escape (MySQL default)- Control characters —
\0 \n \r \t \bfor MySQL strings
Use a parameterized query when you can
String escaping is a last resort. Parameter binding (?, $1, :name) is safer because the driver handles types and never inlines values into the SQL text.
You might also like
- Python String Escape / UnescapeEscape arbitrary text to a Python string literal — \x, \u, \U, octal — or decode one back to raw text.
- Escape / UnescapeEscape or unescape strings for JSON, JavaScript, HTML attribute, XML, and SQL contexts.
- AES Encrypt / DecryptEncrypt or decrypt text with AES-GCM, deriving a key from a passphrase via PBKDF2 — all in your browser.
- Base64 Encoder / DecoderEncode or decode Base64 strings instantly.