SQL Escape
Гид
SQL Escape
Escape special characters in strings for safe use in SQL queries. Supports multiple SQL dialects including MySQL, PostgreSQL, SQL Server, and SQLite. Prevents SQL injection by properly escaping quotes, backslashes, and other dangerous characters before they reach your database.
Как использовать
Paste your raw string into the input area, select your SQL dialect, and click Escape. The tool applies dialect-specific escaping rules and outputs the safe string. Switch to Unescape mode to reverse the process and recover the original text from an escaped string.
Функции
- 5 SQL Dialects – Generic/ANSI SQL, MySQL, PostgreSQL, SQL Server, and SQLite with dialect-specific escaping rules
- Escape & Unescape – Two-way conversion: escape raw strings for SQL or unescape SQL strings back to raw text
- Comprehensive Escaping – Handles single quotes, double quotes, backslashes, NUL bytes, newlines, carriage returns, and dialect-specific characters
- Ready-to-Use Output – Escaped strings ready to paste directly into SQL queries
- Копировать в буфер обмена – One-click copy of the escaped result
- Только на стороне клиента – All processing happens in your browser with no data sent to any server
Часто задаваемые вопросы
-
Why do different SQL databases need different escaping?
Each SQL database engine has its own rules for handling special characters in strings. MySQL uses backslash escaping (\' for single quotes) while PostgreSQL and ANSI SQL use doubled single quotes (''). SQL Server uses doubled single quotes for strings but square brackets for identifiers. Using the wrong escaping method for your database can leave queries vulnerable to injection or cause syntax errors.
-
Should I use string escaping or parameterized queries?
Parameterized queries (prepared statements) are always the preferred approach for preventing SQL injection in production code. They separate the SQL structure from the data, making injection impossible by design. String escaping is useful for quick testing, debugging, writing one-off scripts, or situations where parameterized queries are not available. For any production application handling user input, always use parameterized queries.
-
What characters does SQL escaping handle?
SQL escaping handles characters that could break query syntax or enable injection attacks. The most important is the single quote ('), which delimits strings in SQL. Other escaped characters include double quotes ("), backslashes (\), NUL bytes (\0), newlines (\n), carriage returns (\r), and the SUB character (\Z in MySQL). The exact set of escaped characters varies by SQL dialect.
Установите наши расширения
Добавьте инструменты ввода-вывода в свой любимый браузер для мгновенного доступа и более быстрого поиска
恵 Табло результатов прибыло!
Табло результатов — это интересный способ следить за вашими играми, все данные хранятся в вашем браузере. Скоро появятся новые функции!
Подписаться на новости
все Новые поступления
всеОбновлять: Наш последний инструмент was added on Апр 1, 2026
Примите участие
Помогите нам продолжать предоставлять ценные бесплатные инструменты
