How to Escape & Unescape Strings

Escape and unescape strings for JSON, HTML, URLs, SQL, regex, and more. This free online tool handles special characters, Unicode, and encoding conversions.

Step-by-Step Guide

1. Paste your string

Enter the text you need to escape or unescape into the input area. The tool handles strings of any length, including multi-line text, code snippets with special characters, and Unicode content from any language.

2. Choose the escape type

Select the appropriate escape format for your use case — JSON (backslash escaping), HTML (entity encoding), URL (percent encoding), SQL (quote escaping), or regex (metacharacter escaping). Each type follows the official specification for that format.

3. Click Escape or Unescape

Click Escape to convert special characters into their safe representations, or Unescape to convert escaped sequences back to readable text. The tool processes the entire string instantly and highlights which characters were transformed.

4. Copy the result

Copy the escaped or unescaped string to your clipboard with one click. The output is ready to paste directly into your code, configuration file, database query, or API request without additional modifications.

No signup, no download. Runs entirely in your browser.

Frequently Asked Questions

When do I need to escape strings?
You need to escape strings whenever you embed user input or special characters into a different context — JSON strings require backslash escaping, HTML content needs entity encoding to prevent XSS, SQL queries need quote escaping to prevent injection, and URLs need percent encoding for special characters.

What is the difference between encoding and escaping?
Escaping adds special characters (like backslashes) to make a string safe within a specific format. Encoding transforms characters into a different representation (like URL percent-encoding or Base64). Both serve to handle special characters, but escaping preserves readability while encoding transforms the format.

Does escaping prevent security vulnerabilities?
Proper escaping is essential for preventing injection attacks — SQL injection, XSS (cross-site scripting), and command injection all exploit unescaped user input. Always escape strings at the boundary where data enters a new context (HTML, SQL, shell commands), and use parameterized queries when possible.
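
The answers above say that each destination context needs its own escaping. The following added example (not code from the tool or its authors; the function names and the sample string are assumptions made for illustration) runs one constructed string through four escapers, round-trips each, and reports whether the output would still need HTML escaping before going into a page.

```javascript
// Added example; names are illustrative, not the tool's API.
const ENT = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const REV = { amp: '&', lt: '<', gt: '>', quot: '"', '#39': "'" };

const escapers = {
  // HTML text or quoted-attribute context: entity-encode the significant characters.
  html: (s) => s.replace(/[&<>"']/g, (c) => ENT[c]),
  // JSON string context: adds surrounding quotes and backslash escapes.
  json: (s) => JSON.stringify(s),
  // URL component context (one query value or path segment): percent-encode.
  url: (s) => encodeURIComponent(s),
  // Regex context: backslash-escape metacharacters so the text matches literally.
  regex: (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'),
};

const unescapers = {
  // Single pass, so "&amp;lt;" decodes to "&lt;" and is not decoded twice.
  html: (s) => s.replace(/&(amp|lt|gt|quot|#39);/g, (_, name) => REV[name]),
  json: (s) => JSON.parse(s),
  url: (s) => decodeURIComponent(s),
  regex: (s) => s.replace(/\\([.*+?^${}()|[\]\\])/g, '$1'),
};

// Reports whether the output of the `context` escaper still contains characters
// that are significant in HTML, i.e. whether it needs HTML escaping as well.
function hasRawHtmlDelimiters(context, s) {
  return /[<>"']/.test(escapers[context](s));
}

// Constructed sample input with characters that are special in several contexts.
const sample = `Tom & "Jerry" <b>a.b?</b>`;

function demo() {
  for (const ctx of Object.keys(escapers)) {
    const out = escapers[ctx](sample);
    console.log(ctx.padEnd(5), out,
      '| round-trips:', unescapers[ctx](out) === sample,
      '| still has raw HTML delimiters:', hasRawHtmlDelimiters(ctx, sample));
  }
}
demo();
```

The JSON and regex outputs keep `<b>` intact, so a value escaped for one of those contexts still has to be HTML-escaped at the point where it is written into a page.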