Why use single quotes instead of double quotes?

Inside single quotes the shell treats every character literally — no variable expansion, command substitution, or escapes — so the value is completely inert. Double quotes still expand the dollar sign, backtick, and backslash, which makes them unsafe for untrusted data.

How is an embedded single quote handled?

You cannot put a single quote inside single quotes, so the tool closes the quote, inserts an escaped quote, and reopens, producing the standard '\'' sequence. The string O'Brien becomes 'O'\''Brien', which the shell reassembles into the original value.

Does this protect against command injection?

Yes, for a single argument. Once a value is wrapped this way the shell cannot interpret any of its characters as syntax, so semicolons, pipes, and backticks are all literal. It is the correct way to interpolate untrusted data into a shell command.

What about an empty string?

An empty value escapes to a pair of single quotes, '', which the shell passes as one genuinely empty argument. Without the quotes the empty token would simply vanish during word-splitting, so the quotes are essential.

Is the output portable across shells?

Single-quote escaping is POSIX-standard and works identically in sh, Bash, Zsh, and Dash. It avoids shell-specific features, so the same escaped argument is safe everywhere a POSIX shell runs, including most CI and container environments.

Shell Argument Escaper

Passing untrusted text to a shell is dangerous: spaces split it into multiple arguments and characters like ;, |, and backtick can run commands. This tool wraps a value into one inert, shell-safe argument using POSIX single-quoting.

How it works

The whole value is wrapped in single quotes, inside which every character is literal. The only character that cannot appear inside single quotes is the single quote itself, so each one is rewritten as the four-character sequence '\'':

hello world   -> 'hello world'
O'Brien       -> 'O'\''Brien'
rm -rf /; ls  -> 'rm -rf /; ls'   (semicolon is now literal)
(empty)       -> ''               (one empty argument)

The shell concatenates adjacent quoted and escaped pieces back into the exact original string, while never interpreting any of its characters as syntax.

Tips and notes

Single quotes beat double quotes for safety because double quotes still expand $, backtick, and \. The '\'' idiom looks odd but is the canonical, portable way to embed a quote — it works in sh, Bash, Zsh, and Dash alike. Always quote the empty string as '' so it survives word-splitting as a real empty argument. Use this whenever you build a command line from variable data; for larger scripts, prefer arrays or passing data via environment or stdin instead.