Why escape text in SQL?

Escaping is needed whenever user-provided data is spliced into the text of a SQL statement. Without it, a single quote in the input ends the string literal early and everything after it is parsed as SQL rather than as data. That is SQL injection: an attacker who controls the input can read, modify or delete data the query was never meant to touch. Escaping rewrites the characters that would terminate or alter the literal so the database reads the whole value as data.

Examples of SQL escaping

Original text

SELECT * FROM users WHERE username = 'john' AND password = 'p@ss''word';
INSERT INTO messages (sender, content) VALUES ('O''Reilly', 'Hello, this is a "test" message');
UPDATE products SET description = 'This product's name is "Super Product"' WHERE id = 123;
DELETE FROM logs WHERE entry LIKE '%error%' AND timestamp < '2023-01-01';
-- This is a comment with special chars: ', ", , 

Escaped text (standard)

The tool treats its whole input as one value and doubles every single quote in it, including the quotes that delimit the literals above. In practice you escape only the value being placed inside a literal, not the statement around it; the output below is what you would embed if the entire text were itself a string value (for example, a statement written into another statement's string literal).

SELECT * FROM users WHERE username = ''john'' AND password = ''p@ss''''word'';
INSERT INTO messages (sender, content) VALUES (''O''''Reilly'', ''Hello, this is a "test" message'');
UPDATE products SET description = ''This product''s name is "Super Product"'' WHERE id = 123;
DELETE FROM logs WHERE entry LIKE ''%error%'' AND timestamp < ''2023-01-01'';
-- This is a comment with special chars: '', ", , 

SQL Escaping by Dialect

Standard SQL

In standard SQL a single quote inside a '...' literal is written as two single quotes; no other character needs escaping inside such a literal:

  • Single quote (') becomes ''

Example: 'O''Reilly'

MySQL

MySQL accepts backslash escape sequences inside string literals (the set that mysql_real_escape_string() produces, plus tab), in addition to the standard doubled quote:

  • Single quote (') becomes \'
  • Double quote (") becomes \"
  • Backslash (\) becomes \\
  • Newline (LF, 0x0A) becomes \n
  • Carriage return (CR, 0x0D) becomes \r
  • Tab (0x09) becomes \t
  • NUL byte (0x00) becomes \0
  • Ctrl+Z (0x1A) becomes \Z

Example: 'O\'Reilly'

Two caveats. If the server runs with sql_mode NO_BACKSLASH_ESCAPES, a backslash is an ordinary character, \' no longer closes anything and only '' is recognised, so doubling the quote is the portable form. And escaping has to respect the connection's character set: in some multibyte charsets (GBK is the usual example) a lead byte can absorb the inserted backslash and leave the quote intact, which is why mysql_real_escape_string() takes the connection handle. A byte-oriented escaper, this tool included, cannot see that.

PostgreSQL

Inside a regular '...' literal PostgreSQL only needs the doubled single quote; with standard_conforming_strings on (the default since PostgreSQL 9.1) a backslash in such a literal is an ordinary character:

  • Single quote (') becomes ''

Example: 'O''Reilly'

Note: PostgreSQL also has escape string constants, written E'...', in which backslash sequences are interpreted. A value destined for an E'' literal must therefore have its backslashes doubled as well as its quotes. This tool focuses on the standard escaping method.

SQL Server (MSSQL)

SQL Server uses doubled single quotes for escaping string literals; backslashes have no special meaning:

  • Single quote (') becomes ''

Example: 'O''Reilly'

This covers values only. An identifier (table or column name) spliced into dynamic SQL needs QUOTENAME() instead, which wraps it in [ ] and doubles any ] inside.
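The rules in the dialect sections above, implemented as an added example; this is not the tool's own code. It escapes a value for a single-quoted literal using doubled quotes for standard SQL, PostgreSQL and SQL Server and the backslash set for MySQL (default sql_mode, so NO_BACKSLASH_ESCAPES is assumed off). The dialect names and the `build_query` helper are assumptions made for this example.

```python
"""Dialect-aware escaping of a value for a SQL string literal.

Added example; this is not the page's tool code. It implements the rules
listed above: doubled single quotes for standard SQL, PostgreSQL and SQL
Server, and the backslash set for MySQL. The dialect names are assumptions
made for this example.
"""

# MySQL backslash escapes. A translation table is applied in one pass, so
# the backslash that each substitution introduces is never escaped twice.
_MYSQL_TABLE = str.maketrans({
    "\\": "\\\\",   # backslash
    "'": "\\'",     # single quote
    '"': '\\"',     # double quote
    "\n": "\\n",    # newline (LF)
    "\r": "\\r",    # carriage return (CR)
    "\t": "\\t",    # tab
    "\0": "\\0",    # NUL
    "\x1a": "\\Z",  # Ctrl+Z
})


def escape_standard(value: str) -> str:
    """Standard SQL, PostgreSQL and SQL Server: double every single quote."""
    return value.replace("'", "''")


def escape_mysql(value: str) -> str:
    """MySQL with the default sql_mode (backslash escapes enabled)."""
    return value.translate(_MYSQL_TABLE)


# Dialect names are an assumption of this example, not the tool's.
ESCAPERS = {
    "standard": escape_standard,
    "postgresql": escape_standard,
    "mssql": escape_standard,
    "mysql": escape_mysql,
}


def quote(value: str, dialect: str = "standard") -> str:
    """Return a complete single-quoted literal for `value` in `dialect`."""
    try:
        escape = ESCAPERS[dialect]
    except KeyError:
        raise ValueError(f"unknown dialect: {dialect!r}") from None
    return "'" + escape(value) + "'"


def build_query(template: str, params: dict, dialect: str = "standard") -> str:
    """Fill a {name} template with quoted literals, e.g. for a generated script.

    Only the template is formatted; values are escaped and quoted first, so
    braces or quotes inside a value cannot alter the statement.
    """
    return template.format(**{k: quote(v, dialect) for k, v in params.items()})


if __name__ == "__main__":
    payload = "' OR '1'='1"   # constructed injection string
    for d in ESCAPERS:
        print(f"{d:10}", quote(payload, d))
    print(build_query(
        "INSERT INTO messages (sender, content) VALUES ({sender}, {content});",
        {"sender": "O'Reilly", "content": 'Hello, this is a "test" message'},
        "mysql",
    ))
```

Run it and the payload comes back as `''' OR ''1''=''1'` for the doubling dialects and `'\' OR \'1\'=\'1'` for MySQL: in both cases the database sees one string value. The single-pass translation table matters for MySQL; two sequential `replace` calls in the wrong order would escape the backslash introduced by the first one.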

When to use SQL escaping

  • When building SQL query text that includes user input and the driver offers no placeholder for it
  • When a value contains characters that are special inside a literal: quotes, and backslashes in MySQL
  • When generating SQL scripts programmatically, where there is no driver to bind parameters at all

Escaping applies only to values placed inside quoted string literals. It does not make an unquoted number, an identifier, or the % and _ wildcards of a LIKE pattern safe; those need their own handling.

Security Note:

Escaping is the fallback, not the primary defense. Parameterized queries (prepared statements) keep values out of the SQL text entirely, so they are not sensitive to dialect, sql_mode or connection character set; use them wherever the driver accepts a placeholder. Escaping remains for the places a placeholder cannot go, such as generated SQL scripts, and it has to be done with the dialect and character set of the target server. This tool is useful for educational purposes and for those cases.
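The injection described at the top of the page and the recommendation above, side by side in an added example that runs against Python's built-in sqlite3 module (not code from the page or its tool). SQLite follows the standard rule, so doubling the quote is the right escaping here. The users table, its rows and the PAYLOAD string are constructed for the example.

```python
"""Concatenation vs. escaping vs. parameters, run against SQLite.

Added example, not the page's tool code. Python's built-in sqlite3 module is
used because it runs offline and SQLite follows the standard rule (a single
quote inside a literal is written as ''). The table and rows are constructed
sample data; PAYLOAD is a constructed injection string.
"""
import sqlite3


def fresh_db() -> sqlite3.Connection:
    """In-memory database with two constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("john", "p@ss'word"), ("alice", "hunter2")],
    )
    return conn


def escape_standard(value: str) -> str:
    """Standard SQL escaping: double every single quote."""
    return value.replace("'", "''")


def login_concat(conn, username: str, password: str) -> list:
    """Vulnerable: raw input pasted into the query text."""
    sql = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return sorted(row[0] for row in conn.execute(sql))


def login_escaped(conn, username: str, password: str) -> list:
    """Escaped: quotes in each value are doubled before it is embedded."""
    sql = (
        f"SELECT username FROM users WHERE username = '{escape_standard(username)}' "
        f"AND password = '{escape_standard(password)}'"
    )
    return sorted(row[0] for row in conn.execute(sql))


def login_param(conn, username: str, password: str) -> list:
    """Preferred: placeholders; the driver never merges values into SQL text."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, password)))


def user_by_id_escaped_unquoted(conn, user_id: str) -> list:
    """Escaping only protects quoted literals. The id is embedded without
    quotes here, so doubling quotes changes nothing and 'OR 1=1' goes
    straight through."""
    sql = f"SELECT username FROM users WHERE id = {escape_standard(user_id)}"
    return sorted(row[0] for row in conn.execute(sql))


PAYLOAD = "' OR '1'='1"   # constructed: closes the literal, appends a true clause


def concat_fails_on_legit_quote(conn) -> bool:
    """The unescaped query also breaks on honest input that contains a quote."""
    try:
        login_concat(conn, "john", "p@ss'word")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = fresh_db()
    print("concat  :", login_concat(db, "john", PAYLOAD))            # ['alice', 'john']
    print("escaped :", login_escaped(db, "john", PAYLOAD))           # []
    print("param   :", login_param(db, "john", PAYLOAD))             # []
    print("legit   :", login_param(db, "john", "p@ss'word"))         # ['john']
    print("unquoted:", user_by_id_escaped_unquoted(db, "1 OR 1=1"))  # ['alice', 'john']
    print("broken  :", concat_fails_on_legit_quote(db))              # True
```

The concatenated query returns every user for the payload and throws a syntax error on john's real password, which contains a quote; the escaped and parameterized versions both reject the payload and accept the real password. The last function is the caveat practitioners miss: the value is escaped, but because it sits in an unquoted numeric position the escaping is irrelevant and the clause still injects. A placeholder would have bound it as a value.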
