String Escape

Paste text, pick a target (JSON, JS, SQL, etc.) and a direction — get an escaped string ready to drop into code, or the reverse: clean text from a literal. It all runs in the browser.

What escaping is. Escaping replaces characters that have special meaning inside a string with safe sequences: quotes, backslashes, newlines. For example, to put text with quotes inside a JSON string, the quotes must become \". Each format has its own rules: JSON and JavaScript are similar but not identical, SQL doubles a single quote, and in shell it is safest to wrap the string in single quotes. The tool knows each target's rules and converts both ways.

FAQ

How is JSON escaping different from JavaScript?

They are very similar — backslash, quotes, \n, \t escape the same way. But JavaScript strings allow single quotes and backticks, and escapes like \x41 and \u{1F600} that strict JSON does not. So to paste into JSON specifically, choose the JSON target.

Can this protect against SQL injection?

Escaping quotes is not a substitute for parameterized queries. The correct, safe approach is prepared statements with placeholders, where values are passed separately from the query text. String escaping here is more for debugging and manual substitution than for production.

How do I escape a string for regex?

You escape the regex metacharacters: . * + ? ( ) [ ] { } ^ $ | \ and the slash. After that the text can be safely inserted into a pattern as a literal, without a dot matching any character.

Why escape a CSV field?

If a value contains a comma, a quote, or a newline, it must be wrapped in double quotes, and the quotes inside doubled. Otherwise the CSV parser splits the row into the wrong columns.