How does standard SQL escape a string?

ANSI SQL escapes a single quote by doubling it, so O'Brien becomes O''Brien. That is the only escaping the standard requires inside a single-quoted string literal. This tool's Standard mode applies exactly that rule and nothing more.

Why does MySQL need extra escaping?

By default MySQL also treats the backslash as an escape character inside string literals, so a literal backslash and control characters like newline must be escaped. MySQL mode here doubles quotes and additionally escapes backslash, newline, carriage return, tab, and NUL.

Is escaping a safe substitute for parameterised queries?

No. Manual escaping is error-prone and dialect-specific. Always use prepared statements or parameter binding in production. This tool is for ad-hoc queries, generating fixtures, and understanding how escaping works, not for building queries from untrusted input.

Should I wrap the result in quotes?

Use the wrap toggle to get a complete single-quoted literal ready to drop into a query. Leave it off when you are inserting the escaped body into a string you are already building so you control the surrounding quotes.

Does it handle the NO_BACKSLASH_ESCAPES mode?

If your MySQL server runs with NO_BACKSLASH_ESCAPES, backslashes are literal and only quote-doubling applies. In that case use Standard mode, which matches ANSI behaviour and the way most other databases such as PostgreSQL treat string literals.

SQL String Escaper — Gera Tools

Placing a value inside a SQL string literal means escaping it so a stray quote cannot break out of the string. This tool applies the correct rule for your dialect: ANSI quote-doubling, or MySQL’s additional backslash handling.

How it works

Standard SQL needs only quote-doubling. MySQL, by default, also treats the backslash as special, so more characters must be escaped:

Standard:  '  -> ''
MySQL:     '  -> ''    \ -> \\    NUL -> \0
           newline -> \n   carriage return -> \r   tab -> \t

In both modes the result is the body of the literal; turn on the wrap option to get it enclosed in single quotes as a ready-to-use literal.

Tips and notes

This tool is for ad-hoc queries, test fixtures, and learning — never build production queries from untrusted input by string-escaping. Use prepared statements or parameter binding, which sidestep escaping entirely and are immune to injection. If your MySQL server runs with NO_BACKSLASH_ESCAPES, backslashes are ordinary characters, so use Standard mode, which also matches PostgreSQL and most other engines.