AlaSQL · Copilot · Dec 7, 2025 · Dec 7, 2025 · Dec 7, 2025 · mathiasrw
diff --git a/src/58json.js b/src/58json.js
@@ -46,7 +46,7 @@ const JSONtoString = (alasql.utils.JSONtoString = function (obj) {
 
 function JSONtoJS(obj, context, tableid, defcols) {
 	var s = '';
-	if (typeof obj == 'string') s = '"' + obj + '"';
+	if (typeof obj == 'string') s = '"' + escapeq(obj) + '"';
 	else if (typeof obj == 'number') s = '(' + obj + ')';
 	else if (typeof obj == 'boolean') s = obj;
 	else if (typeof obj === 'bigint') s = obj.toString() + 'n';
@@ -56,7 +56,7 @@ function JSONtoJS(obj, context, tableid, defcols) {
 		} else if (!obj.toJS || obj instanceof yy.Json) {
 			let ss = [];
 			for (const k in obj) {
-				let keyStr = typeof k === 'string' ? `"${k}"` : k.toString();
+				let keyStr = typeof k === 'string' ? `"${escapeq(k)}"` : k.toString();
 				let valueStr = JSONtoJS(obj[k], context, tableid, defcols);
 				ss.push(`${keyStr}:${valueStr}`);
 			}

diff --git a/src/alasqlparser.jison b/src/alasqlparser.jison
@@ -1460,9 +1460,43 @@ LogicValue
 
 StringValue
 	: STRING
-		{ $$ = new yy.StringValue({value: $1.substr(1,$1.length-2).replace(/(\\\')/g,"'").replace(/(\'\')/g,"'")}); }
+		{ 
+			var str = $1.substr(1,$1.length-2).replace(/(\'\')/g,"'");
+			str = str.replace(/\\(.)/g, function(match, char) {
+				switch(char) {
+					case 'n': return '\n';
+					case 't': return '\t';
+					case 'r': return '\r';
+					case 'b': return '\b';
+					case 'f': return '\f';
+					case 'v': return '\v';
+					case '\\': return '\\';
+					case "'": return "'";
+					case '"': return '"';
+					default: return char;
+				}
+			});
+			$$ = new yy.StringValue({value: str}); 
+		}
 	| NSTRING
-		{ $$ = new yy.StringValue({value: $1.substr(2,$1.length-3).replace(/(\\\')/g,"'").replace(/(\'\')/g,"'")}); }
+		{ 
+			var str = $1.substr(2,$1.length-3).replace(/(\'\')/g,"'");
+			str = str.replace(/\\(.)/g, function(match, char) {
+				switch(char) {
+					case 'n': return '\n';
+					case 't': return '\t';
+					case 'r': return '\r';
+					case 'b': return '\b';
+					case 'f': return '\f';
+					case 'v': return '\v';
+					case '\\': return '\\';
+					case "'": return "'";
+					case '"': return '"';
+					default: return char;
+				}
+			});
+			$$ = new yy.StringValue({value: str}); 
+		}
 	;
 
 NullValue

diff --git a/src/alasqlparser.js b/src/alasqlparser.js
diff --git a/test/test125.js b/test/test125.js
@@ -34,11 +34,12 @@ describe('Test 125 - remove comments', function () {
 		var res = alasql("select 'Cote d''Ivoir'");
 		assert.deepEqual(res, [{"'Cote d'Ivoir'": "Cote d'Ivoir"}]);
 		var res = alasql('select "Cote d\\"Ivoir"');
-		assert.deepEqual(res, [{"'Cote d\\\"Ivoir'": 'Cote d\\"Ivoir'}]);
-		var res = alasql('select "\\r"');
-		assert.deepEqual(res, [{"'\\r'": '\\r'}]);
-		var res = alasql('select "\\n"');
-		assert.deepEqual(res, [{"'\\n'": '\\n'}]);
+		assert.deepEqual(res, [{"'Cote d\"Ivoir'": 'Cote d"Ivoir'}]);
+		// Test escape sequences with aliases to make expectations clearer
+		var res = alasql('select "\\r" as col');
+		assert.deepEqual(res, [{col: '\r'}]);
+		var res = alasql('select "\\n" as col');
+		assert.deepEqual(res, [{col: '\n'}]);
 
 		alasql('drop database test125');
 		done();

diff --git a/test/test134-B.js b/test/test134-B.js
@@ -0,0 +1,74 @@
+if (typeof exports === 'object') {
+	var assert = require('assert');
+	var alasql = require('..');
+}
+
+describe('Test 134-B - Escape sequences in strings', function () {
+	const test = '134B';
+
+	before(function () {
+		alasql('create database test' + test);
+		alasql('use test' + test);
+	});
+
+	after(function () {
+		alasql('drop database test' + test);
+	});
+
+	it('A) Tab escape sequence', function () {
+		var res = alasql("SELECT 'hello\\tworld' AS result");
+		assert.deepEqual(res, [{result: 'hello\tworld'}]);
+	});
+
+	it('B) Newline escape sequence', function () {
+		var res = alasql("SELECT 'line1\\nline2' AS result");
+		assert.deepEqual(res, [{result: 'line1\nline2'}]);
+	});
+
+	it('C) Carriage return escape sequence', function () {
+		var res = alasql("SELECT 'text\\rmore' AS result");
+		assert.deepEqual(res, [{result: 'text\rmore'}]);
+	});
+
+	it('D) Backslash escape sequence', function () {
+		var res = alasql("SELECT 'back\\\\slash' AS result");
+		assert.deepEqual(res, [{result: 'back\\slash'}]);
+	});
+
+	it('E) Form feed escape sequence', function () {
+		var res = alasql("SELECT 'page\\fbreak' AS result");
+		assert.deepEqual(res, [{result: 'page\fbreak'}]);
+	});
+
+	it('F) Backspace escape sequence', function () {
+		var res = alasql("SELECT 'back\\bspace' AS result");
+		assert.deepEqual(res, [{result: 'back\bspace'}]);
+	});
+
+	it('G) Double quote escape sequence', function () {
+		var res = alasql('SELECT "quote\\"here" AS result');
+		assert.deepEqual(res, [{result: 'quote"here'}]);
+	});
+
+	it('H) Mixed escape sequences', function () {
+		var res = alasql("SELECT 'Line 1\\nLine 2\\tTabbed\\rCarriage' AS result");
+		assert.deepEqual(res, [{result: 'Line 1\nLine 2\tTabbed\rCarriage'}]);
+	});
+
+	it('I) Escape sequence in WHERE clause', function () {
+		alasql('CREATE TABLE test_escapes (id INT, text STRING)');
+		alasql("INSERT INTO test_escapes VALUES (1, 'hello\\tworld')");
+		alasql("INSERT INTO test_escapes VALUES (2, 'no tabs here')");
+
+		var res = alasql("SELECT * FROM test_escapes WHERE text = 'hello\\tworld'");
+		assert.deepEqual(res, [{id: 1, text: 'hello\tworld'}]);
+	});
+
+	it('J) Single quote still works', function () {
+		var res = alasql("SELECT 'Cote d\\'Ivoir' AS result");
+		assert.deepEqual(res, [{result: "Cote d'Ivoir"}]);
+
+		var res2 = alasql("SELECT 'Cote d''Ivoir' AS result");
+		assert.deepEqual(res2, [{result: "Cote d'Ivoir"}]);
+	});
+});