Now I noticed that stand-alone backslashes cause errors.
The backslashes in the line in which you work will not affect character substitution. ' If your goal is to replace backslashes, use this:
value = value.replace(/\\/g, "whatever");
... which will replace all backslashes in the string "anything". Note that I had to write two backslashes, not one. This is because in the regular expression literal, a backslash is used to introduce various special characters and character classes, and it is also used as escape - two backslashes together in the regular expression literal (as in a string) represent a single actual backslash in a string.
To change one backslash to two backslashes, use:
value = value.replace(/\\/g, "\\\\");
Please note that, again, to get a literal backslash in the replacement string, we need to avoid each of the two - as a result of which four replacement lines were written in total.
I need to change the value using javascript so that it is ready to be sent as part of the SQL insert query.
You do not want to do this manually. Any technology that allows you to make database queries and such (JDBC, ODBC, etc.) will provide some form of prepared or parameterized statement ( link ) that deals with these problems for you. Performing this operation is almost guaranteed to leave security holes in your software that can be used. You want to use the work of the team, which was supposed to think it over, and which periodically updates the received code when problems are detected, and not fly alone. In addition, if your JavaScript runs on the client (like most of them, but by no means all - I use the server side of JavaScript all the time), then nothing you do to avoid the string can make it safe, as client requests for the server can be tricked by completely circumventing your client code.