Lists · 6 min read · Updated 2026-05-08

How to Format a List for SQL, JSON, or HTML

Three target formats. Three different sets of escaping rules. The same starting list. The right transform for each, with the escaping rules nobody likes thinking about — but which break SQL queries and JSON parsers when skipped.

The starting list

For each example below, the input is the same five-item list:

red
green
blue
orange
yellow

Format 1 — SQL IN clause

Want:

WHERE color IN ('red', 'green', 'blue', 'orange', 'yellow')

Steps:

  1. Paste list into the Prefix & Suffix tool.
  2. Prefix: '
  3. Suffix: ',
  4. "No trailing separator on last line": on.
  5. Copy.
  6. Wrap with WHERE color IN ( at top and ) at bottom.

Escape: if any item contains a single quote, replace ' with '' first. The Find & Replace tool handles this in one pass.

Limit: most databases reject IN clauses past 1,000 items. For longer lists, build a temp table or use JOIN against a staging table.

Format 2 — JSON array

Want:

["red", "green", "blue", "orange", "yellow"]

Steps:

  1. Paste list into Prefix/Suffix.
  2. Prefix: "
  3. Suffix: ",
  4. "No trailing separator": on.
  5. Copy. Wrap with [ and ].

Multi-line is fine for readability; one-line works too.

Escape: if items contain double quotes, replace " with \" first. If items contain backslashes, replace \ with \\ first. The JSON Formatter validates the result and flags any escaping mistakes.

Format 3 — HTML unordered list

Want:

<ul>
  <li>red</li>
  <li>green</li>
  <li>blue</li>
  <li>orange</li>
  <li>yellow</li>
</ul>

Steps:

  1. Paste list into Prefix/Suffix.
  2. Prefix: <li>
  3. Suffix: </li>
  4. Copy. Wrap with <ul> at top and </ul> at bottom.

Escape: if items contain HTML special characters (<, >, &), pre-encode them as &lt;, &gt;, &amp;.

For ordered lists, swap <ul> for <ol> in the wrapper. The <li> markup stays the same.

Format 4 — markdown bullet list

Want:

- red
- green
- blue
- orange
- yellow

Steps:

  1. Paste list into Prefix/Suffix.
  2. Prefix: - (dash, space)
  3. Suffix: empty
  4. Copy.

Escape: markdown is permissive. The only items that need attention: lines starting with characters markdown reserves (-, *, #, >). For those, prefix with a backslash: \- starts with dash.

For numbered lists, use prefix 1. for every line — the renderer renumbers automatically.

Format 5 — comma-separated string

Want:

red, green, blue, orange, yellow

Steps:

  1. Paste list into Prefix/Suffix.
  2. Prefix: empty
  3. Suffix: ,
  4. "No trailing separator": on.
  5. Copy.
  6. Find/replace newlines with spaces (or use the "join with separator" toggle if available).

For TSV (tab-separated), use a tab as the separator. For comma-separated with quoted fields (CSV with embedded commas), prefix ", suffix ",.

Format 6 — Python / Ruby / Go list literal

The same JSON-array workflow produces valid syntax for most languages:

colors = ["red", "green", "blue", "orange", "yellow"]

Just paste the JSON array as the right-hand side. Works in Python, JavaScript, TypeScript, Ruby (with %w[red green blue] as an alternative for word arrays), and Go (with []string{"red", "green", "blue"} as an alternative).

The escaping rules summary

TargetEscapeReplacement
SQL string'''
JSON string"\"
JSON string\\\
HTML text<&lt;
HTML text>&gt;
HTML text&&amp;
Markdown- at line start\-
CSV,wrap field with "..."
CSV" inside quoted field""
The full pipeline. Paste in the Prefix & Suffix tool, choose the format, copy. The escaping for each destination format is handled automatically when needed.

The trap that bites everyone once

Mismatched escapes between layers. You build a SQL IN clause from a list. The list contains O'Brien. Without the SQL escape ('''), the resulting SQL is:

WHERE name IN ('O'Brien', ...)

That's syntactically broken. The single quote inside O'Brien closes the string early. The query fails, or worse — if the input came from user-controlled text, this is a SQL injection vulnerability.

Always escape for the destination format. The TextKit tools don't do this automatically because the right escape depends on context — but they make the escape pass quick once you know which one to do.

For the broader reference on list operations, see List Operations: The Complete Guide. For the prefix/suffix workflow, see How to Add Prefix/Suffix to Each Line.

Frequently asked questions

How do I escape single quotes in a SQL IN clause?

Replace each single quote with two single quotes: '''. So O'Brien becomes 'O''Brien' in the IN clause. This is the SQL standard.

What's the JSON escape for a double quote inside a string?

Backslash-escape: \". JSON also requires escaping backslash itself (\\) and certain control characters.

Are markdown bullets order-sensitive?

Numbered markdown lists are order-sensitive in source: each line must start with 1., 2., etc. Most renderers auto-renumber, so writing 1. 1. 1. works too. Bullet markdown lists (-) are not order-sensitive.

Can I copy a Google Sheets column directly into a SQL IN clause?

Not directly — Sheets gives you tab-separated text. Convert it: paste into the Prefix & Suffix tool with prefix ', suffix ',, and 'no trailing separator' on. Wrap the result in parens.

How do I handle very long IN clauses (1000+ items)?

Most databases reject IN clauses past a certain size — Oracle's limit is 1000, SQL Server's is around 10,000. For long lists, use a temporary table or a JOIN against a staging table instead.

Keep reading

Related

List Operations: The Complete Guide

 Related

How to Add Prefix/Suffix to Each Line

 Related

How to Remove Duplicate Lines

Written by the TextKit team. We build the tools we write about — try the Prefix & Suffix tool used in this post.