SQL Escape
Guia
SQL Escape
Escape special characters in strings for safe use in SQL queries. Supports multiple SQL dialects including MySQL, PostgreSQL, SQL Server, and SQLite. Prevents SQL injection by properly escaping quotes, backslashes, and other dangerous characters before they reach your database.
Como usar
Paste your raw string into the input area, select your SQL dialect, and click Escape. The tool applies dialect-specific escaping rules and outputs the safe string. Switch to Unescape mode to reverse the process and recover the original text from an escaped string.
Características
- 5 SQL Dialects – Generic/ANSI SQL, MySQL, PostgreSQL, SQL Server, and SQLite with dialect-specific escaping rules
- Escape & Unescape – Two-way conversion: escape raw strings for SQL or unescape SQL strings back to raw text
- Comprehensive Escaping – Handles single quotes, double quotes, backslashes, NUL bytes, newlines, carriage returns, and dialect-specific characters
- Ready-to-Use Output – Escaped strings ready to paste directly into SQL queries
- Copiar para área de transferência – One-click copy of the escaped result
- Apenas no Lado do Cliente – All processing happens in your browser with no data sent to any server
Perguntas frequentes
-
Why do different SQL databases need different escaping?
Each SQL database engine has its own rules for handling special characters in strings. MySQL uses backslash escaping (\' for single quotes) while PostgreSQL and ANSI SQL use doubled single quotes (''). SQL Server uses doubled single quotes for strings but square brackets for identifiers. Using the wrong escaping method for your database can leave queries vulnerable to injection or cause syntax errors.
-
Should I use string escaping or parameterized queries?
Parameterized queries (prepared statements) are always the preferred approach for preventing SQL injection in production code. They separate the SQL structure from the data, making injection impossible by design. String escaping is useful for quick testing, debugging, writing one-off scripts, or situations where parameterized queries are not available. For any production application handling user input, always use parameterized queries.
-
What characters does SQL escaping handle?
SQL escaping handles characters that could break query syntax or enable injection attacks. The most important is the single quote ('), which delimits strings in SQL. Other escaped characters include double quotes ("), backslashes (\), NUL bytes (\0), newlines (\n), carriage returns (\r), and the SUB character (\Z in MySQL). The exact set of escaped characters varies by SQL dialect.
Instale nossas extensões
Adicione ferramentas de IO ao seu navegador favorito para acesso instantâneo e pesquisa mais rápida
恵 O placar chegou!
Placar é uma forma divertida de acompanhar seus jogos, todos os dados são armazenados em seu navegador. Mais recursos serão lançados em breve!
Ferramentas essenciais
Ver tudo Novas chegadas
Ver tudoAtualizar: Nosso ferramenta mais recente was added on Abr 1, 2026
Envolver-se
Ajude-nos a continuar fornecendo ferramentas gratuitas valiosas
