String Escape / Unescape
Escape and unescape strings for JSON, HTML, URL, SQL, and Regex formats.
What is String Escaping?
String escaping is the process of converting special characters into safe representations.
• JSON: Converts quotes, backslashes, and control characters into escape sequences
• HTML: Converts &, <, >, ", ' into HTML entities
• URL: Converts non-ASCII and reserved characters into percent-encoding
• SQL: Doubles single quotes to prevent SQL injection
• Regex: Adds backslashes before regex special characters to use them literally
Usage Examples
FAQ
Why do we need to escape strings?
Escaping prevents special characters from being interpreted as syntax elements. For example, an unescaped quote in JSON would be mistakenly treated as the end of a string.
Can SQL escaping fully prevent SQL injection?
Simple quote escaping alone is not sufficient. In production, always use parameterized queries (prepared statements) to properly prevent SQL injection attacks.
What is the difference between URL encoding and escaping?
URL encoding converts unsafe URL characters into %XX format and is a form of escaping. encodeURIComponent is used for URI components and also encodes characters like /, ?, and #.