About String Escaper — JSON, CSV, SQL & Shell
Dropping a raw string into JSON, a CSV file, a SQL query, or a shell command is one of the most common sources of broken output and injection bugs. A stray quote ends a string early, an embedded comma splits a column, and an apostrophe turns a valid query into a syntax error. Each context has its own quoting rules, and getting them right by hand is fiddly and error-prone.
This free online string escaper applies the correct, context-aware rules for you. Escape a value for JSON (backslash escapes for quotes, backslashes, and control characters), CSV (RFC 4180 field quoting with doubled quotes), SQL (single-quote doubling), or POSIX shell (safe single-quote wrapping) — and unescape back again. Everything runs entirely in your browser, so nothing you paste is ever uploaded.
Features
- Escape strings for JSON, CSV, SQL, and shell with context-correct quoting
- Unescape values back to their original text
- Handles tricky characters — quotes, commas, newlines, backslashes, control chars
- Live recompute, clear error messages, and fully offline
How to use
- Paste the value you want to escape or unescape into the input pane.
- Pick the target context — JSON, CSV, SQL, or Shell — from the selector.
- Choose Escape to encode the value, or Unescape to reverse it.
- Copy the result from the output pane.
Frequently asked questions
How does CSV escaping work?
Following RFC 4180, a field is wrapped in double quotes only if it contains a comma, a double quote, or a line break. Any double quotes inside the field are doubled ("" represents one "). Plain fields are left untouched.
Why does SQL escaping only double single quotes?
In standard SQL, a single-quoted string literal escapes an embedded quote by doubling it: O'Brien becomes O''Brien. This tool produces the text that goes inside the quotes — it is not a substitute for parameterized queries, which remain the only safe defense against SQL injection.
What is the shell escaping rule?
The value is wrapped in single quotes, where everything is literal, and any embedded single quote is written as '\'' — close the quote, add an escaped quote, and reopen. This is the safest general-purpose quoting for POSIX shells like bash and zsh.
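The four quoting rules described on this page, written out as an added JavaScript example (not the tool's own code; the function names and the sample string are constructed for illustration). `unescapeShell` reverses only the single-quote form described above and rejects any other input.

```javascript
// Added example; function names are hypothetical, not the tool's own API.

// JSON: backslash escapes for quotes, backslashes and control characters.
// JSON.stringify emits the quoted literal; strip the outer quotes for the body.
const escapeJson = (s) => JSON.stringify(s).slice(1, -1);
const unescapeJson = (s) => JSON.parse('"' + s + '"'); // throws on bad escapes

// CSV (RFC 4180): quote only when the field holds a comma, quote or line
// break, and double every embedded double quote.
const escapeCsv = (s) =>
  /[",\r\n]/.test(s) ? '"' + s.replace(/"/g, '""') + '"' : s;

// SQL: double each single quote. The result is the text inside the literal's
// quotes, not a complete statement.
const escapeSql = (s) => s.replace(/'/g, "''");

// POSIX shell: wrap in single quotes; an embedded ' is written as '\''.
function escapeShell(s) {
  if (s.includes('\0')) throw new Error('NUL cannot appear in a shell word');
  return "'" + s.replace(/'/g, "'\\''") + "'";
}

// Reverse of escapeShell: accepts single-quoted runs joined by \' only.
function unescapeShell(s) {
  let out = '';
  let inQuote = false;
  for (let i = 0; i < s.length; i++) {
    const c = s[i];
    if (inQuote) {
      if (c === "'") inQuote = false;
      else out += c;
    } else if (c === "'") {
      inQuote = true;
    } else if (c === '\\' && s[i + 1] === "'") {
      out += "'";
      i++; // skip the quote that the backslash escaped
    } else {
      throw new Error('unquoted character at index ' + i);
    }
  }
  if (inQuote) throw new Error('unterminated single quote');
  return out;
}

// Constructed sample covering quotes, a comma, newline, tab and backslash.
const sample = 'It\'s "ok", line1\nline2\tC:\\temp';
console.log(escapeShell(sample));
```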
Is my data sent anywhere?
No. All escaping and unescaping happens locally in your browser. Your input never leaves your device, which makes it safe for secrets, queries, and production data.