How to Escape Single Quote in SQL

Use escaped single quotes when text values themselves contain apostrophes, names, or contractions. This is essential for safe string literals like surnames, product names, and natural-language content.

What you’ll build or solve

You’ll learn how to escape a single quote in SQL string literals. You’ll also know the safest long-term approach for dynamic user input.

When this approach works best

This approach is the right choice when you write a literal string directly inside a SQL query.

Common real-world scenarios include:

• Customer names like O'Brien
• Product names with apostrophes
• Text search filters
• Inserting natural language
• Seed data scripts

This is a bad idea for dynamic user input built through string concatenation. In that case, use parameterized queries.

Prerequisites

You only need:

• Basic SELECT, INSERT, or WHERE knowledge
• A text value containing an apostrophe

Step-by-step instructions

Step 1: Double the single quote inside the string

The standard SQL escape pattern is two single quotes.

SELECT *
FROM customers
WHERE last_name = 'O''Brien';

This correctly matches the literal text O'Brien.

The same pattern works in inserts.

INSERT INTO authors (name)
VALUES ('D''Angelo');

This is the SQL-standard way across most databases.

What to look for:

• Use two single quotes inside the string
• Works in SELECT, INSERT, UPDATE, and DELETE
• Great for names and natural text
• Standard SQL syntax is portable
• Parameterized queries are safer for user input

Examples you can copy

Find a customer

SELECT *
FROM customers
WHERE last_name = 'O''Brien';

Insert author

INSERT INTO authors (name)
VALUES ('D''Angelo');

Product search

SELECT *
FROM products
WHERE name = 'Traveler''s Notebook';

Common mistakes and how to fix them

Mistake 1: Using a backslash in standard SQL

What the reader might do:

WHERE last_name = 'O\'Brien'

Why it breaks: backslash escaping is not portable and may fail in standard SQL systems.

Corrected approach:

WHERE last_name = 'O''Brien'

Mistake 2: Building raw SQL from user input

What the reader might do:

"SELECT * FROM users WHERE name = '" + input + "'"

Why it breaks: this creates SQL injection risk.

Corrected approach:

Use prepared statements or parameterized queries.

Mistake 3: Forgetting apostrophes in seed data

What the reader might do:

VALUES ('John's Book')

Why it breaks: the string closes too early.

Corrected approach:

VALUES ('John''s Book')

Troubleshooting

If the query errors near the apostrophe, double the quote.

If the query is built from user input, switch to parameters.

If the syntax works in one database but not another, prefer standard doubled quotes.

If many text values need insertion, use parameterized bulk inserts.

Quick recap

• Escape apostrophes with two single quotes
• Works in all major SQL clauses
• Standard SQL is portable
• Do not concatenate raw user input
• Prefer parameterized queries for safety