SQL Escape and Unescape Tool
Escape apostrophes for ANSI SQL string literals, or decode doubled quotes back to text.
What it does
ANSI SQL string literals escape an apostrophe by doubling it. For example, O'Reilly becomes O''Reilly when placed inside a single-quoted SQL string.
Unescaping reverses doubled apostrophes back to plain apostrophes. It can also read a complete single-quoted literal such as 'O''Reilly'.
Common uses
- Escape text for documentation, migrations, seed data, manual SQL snippets, and tests that need SQL literal content.
- Decode doubled apostrophes from query logs or copied SQL strings when you need the original text.
- Use prepared statements or parameterized queries for application code that handles user input.
Watch outs
- Escaping text is not a complete SQL injection defense. Parameterized queries are the safer default.
- Database dialects differ. This tool uses ANSI-style doubled apostrophes, not MySQL backslash escaping.
- The output is SQL string content. Add surrounding quotes only in the SQL context where you need them.
Privacy
SQL string escaping and unescaping runs in your browser. The text is not sent to Crypto Lambda.
FAQ
Is this enough to prevent SQL injection?
No. Use parameterized queries for application code. This tool is for literal snippets, debugging, seed data, and examples.
Why does SQL use two apostrophes?
In standard SQL single-quoted strings, a doubled apostrophe represents one literal apostrophe character.
Does this use backslash escaping?
No. Backslash behavior varies by database settings, so this tool uses portable ANSI-style doubled apostrophes.
Related tools
JSON Escape
Client-side JSON string escape and unescape tool for quotes, backslashes, control characters, tabs, newlines, and Unicode escape sequences.
URL Encoder
Encode and decode URL components or full URLs, with clear errors for malformed percent escapes.
Base64
Convert text to Base64, decode Base64 back to UTF-8, and switch to Base64URL for tokens, JWT segments, and URL-safe payloads.