SQL Escape
Guide
SQL Escape
Escape special characters in strings for safe use in SQL queries. Supports multiple SQL dialects including MySQL, PostgreSQL, SQL Server, and SQLite. Prevents SQL injection by properly escaping quotes, backslashes, and other dangerous characters before they reach your database.
Comment utiliser
Paste your raw string into the input area, select your SQL dialect, and click Escape. The tool applies dialect-specific escaping rules and outputs the safe string. Switch to Unescape mode to reverse the process and recover the original text from an escaped string.
Caractéristiques
- 5 SQL Dialects – Generic/ANSI SQL, MySQL, PostgreSQL, SQL Server, and SQLite with dialect-specific escaping rules
- Escape & Unescape – Two-way conversion: escape raw strings for SQL or unescape SQL strings back to raw text
- Comprehensive Escaping – Handles single quotes, double quotes, backslashes, NUL bytes, newlines, carriage returns, and dialect-specific characters
- Ready-to-Use Output – Escaped strings ready to paste directly into SQL queries
- Copier dans le presse-papiers – One-click copy of the escaped result
- Côté client uniquement – All processing happens in your browser with no data sent to any server
FAQ
-
Why do different SQL databases need different escaping?
Each SQL database engine has its own rules for handling special characters in strings. MySQL uses backslash escaping (\' for single quotes) while PostgreSQL and ANSI SQL use doubled single quotes (''). SQL Server uses doubled single quotes for strings but square brackets for identifiers. Using the wrong escaping method for your database can leave queries vulnerable to injection or cause syntax errors.
-
Should I use string escaping or parameterized queries?
Parameterized queries (prepared statements) are always the preferred approach for preventing SQL injection in production code. They separate the SQL structure from the data, making injection impossible by design. String escaping is useful for quick testing, debugging, writing one-off scripts, or situations where parameterized queries are not available. For any production application handling user input, always use parameterized queries.
-
What characters does SQL escaping handle?
SQL escaping handles characters that could break query syntax or enable injection attacks. The most important is the single quote ('), which delimits strings in SQL. Other escaped characters include double quotes ("), backslashes (\), NUL bytes (\0), newlines (\n), carriage returns (\r), and the SUB character (\Z in MySQL). The exact set of escaped characters varies by SQL dialect.
Installez nos extensions
Ajoutez des outils IO à votre navigateur préféré pour un accès instantané et une recherche plus rapide
恵 Le Tableau de Bord Est Arrivé !
Tableau de Bord est une façon amusante de suivre vos jeux, toutes les données sont stockées dans votre navigateur. D'autres fonctionnalités arrivent bientôt !
Outils essentiels
Tout voir Nouveautés
Tout voirMise à jour: Notre dernier outil was added on Avr 1, 2026
Impliquez-vous
Aidez-nous à continuer à fournir des outils gratuits et précieux
