String Escape / Unescape

Escape special characters in strings for JSON, JavaScript, HTML, XML, SQL, regex, and CSV. Or unescape them back to readable text. Useful for embedding strings in code.

Input

Output

Hello\nWorld!\nIt's a \"test\" with special chars: <>&

Frequently Asked Questions

When do I need to escape strings?

Any time you embed a string in another context: JSON values (escape quotes and backslashes), SQL queries (escape quotes to prevent SQL injection), HTML attributes (escape <, >, &), URL parameters (encode special chars), or regex patterns (escape metacharacters).

What is SQL injection and how does escaping prevent it?

SQL injection happens when user input is concatenated directly into SQL queries, allowing attackers to alter the query logic. Escaping replaces single quotes with '' (doubled) so the input can't break out of the string context. Better: use parameterized queries instead of manual escaping.