SQL Escape and Unescape Tool

Escape apostrophes for ANSI SQL string literals, or decode doubled quotes back to text.

What it does

ANSI SQL string literals escape an apostrophe by doubling it. For example, O'Reilly becomes O''Reilly when placed inside a single-quoted SQL string.

Unescaping reverses doubled apostrophes back to plain apostrophes. It can also read a complete single-quoted literal such as 'O''Reilly'.

Common uses

  • Escape text for documentation, migrations, seed data, manual SQL snippets, and tests that need SQL literal content.
  • Decode doubled apostrophes from query logs or copied SQL strings when you need the original text.
  • Use prepared statements or parameterized queries for application code that handles user input.

Watch outs

  • Escaping text is not a complete SQL injection defense. Parameterized queries are the safer default.
  • Database dialects differ. This tool uses ANSI-style doubled apostrophes, not MySQL backslash escaping.
  • The output is SQL string content. Add surrounding quotes only in the SQL context where you need them.

Privacy

SQL string escaping and unescaping runs in your browser. The text is not sent to Crypto Lambda.

FAQ

Is this enough to prevent SQL injection?

No. Use parameterized queries for application code. This tool is for literal snippets, debugging, seed data, and examples.

Why does SQL use two apostrophes?

In standard SQL single-quoted strings, a doubled apostrophe represents one literal apostrophe character.

Does this use backslash escaping?

No. Backslash behavior varies by database settings, so this tool uses portable ANSI-style doubled apostrophes.

Related tools