diff --git a/phpBB/db/mysql.php b/phpBB/db/mysql.php
index 96a8a6ea8f..9925779e33 100644
--- a/phpBB/db/mysql.php
+++ b/phpBB/db/mysql.php
@@ -236,7 +236,7 @@ class sql_db
 }
 elseif (is_string($var))
 {
- $values[] = "'" . sql_quote($var) . "'";
+ $values[] = "'" . $this->sql_escape($var) . "'";
 }
 else
 {
@@ -257,7 +257,7 @@ class sql_db
 }
 elseif (is_string($var))
 {
- $values[] = "$key = '" . sql_quote($var) . "'";
+ $values[] = "$key = '" . $this->sql_escape($var) . "'";
 }
 else
 {
diff --git a/phpBB/db/mysql4.php b/phpBB/db/mysql4.php
index 0742f0966e..52a4a76ec7 100644
--- a/phpBB/db/mysql4.php
+++ b/phpBB/db/mysql4.php
@@ -130,11 +130,13 @@ class sql_db
 $curtime = explode(' ', microtime());
 $curtime = $curtime[0] + $curtime[1] - $starttime;
 }
+
 if (!$this->query_result = @mysql_query($query, $this->db_connect_id))
 {
 $this->sql_error($query);
 }
-if (!empty($_REQUEST['explain']))
+
+ if (!empty($_REQUEST['explain']))
 {
 $endtime = explode(' ', microtime());
 $endtime = $endtime[0] + $endtime[1] - $starttime;
@@ -226,7 +228,7 @@ if (!empty($_REQUEST['explain']))
 }
 elseif (is_string($var))
 {
- $values[] = "'" . str_replace('\\\'', '\'\'', $var) . "'";
+ $values[] = "'" . $this->sql_escape($var) . "'";
 }
 else
 {
@@ -247,7 +249,7 @@ if (!empty($_REQUEST['explain']))
 }
 elseif (is_string($var))
 {
- $values[] = "$key = '" . str_replace('\\\'', '\'\'', $var) . "'";
+ $values[] = "$key = '" . $this->sql_escape($var) . "'";
 }
 else
 {
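Review bot: In the second mysql.php hunk (`@@ -257,7 +257,7 @@`) only the value is escaped; `$key` is still interpolated raw into `"$key = '...'"`, so a column name taken from an untrusted array key would reach the SQL text unchanged. The same holds for the `@@ -247,7 +249,7 @@` hunk in mysql4.php. Unless every caller is known to pass only literal column names, either restrict keys to an identifier pattern before this loop or quote them, e.g. `$values[] = '`' . $key . '` = \'' . $this->sql_escape($var) . '\'';` (with a guard that rejects keys containing backticks). The enclosing method begins and ends outside the hunk, so I cannot see whether such a check already exists on the key.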
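Review bot: The re-indented `if (!empty($_REQUEST['explain']))` in the mysql4.php `@@ -130,11 +130,13 @@` hunk still gates query timing (and presumably EXPLAIN output below it) on a parameter any client can send, so this debugging path is reachable in production as written. Consider tying it to a build-time debug flag as well, e.g. `if (defined('DEBUG_EXTRA') && !empty($_REQUEST['explain']))` with whatever constant the project uses for debug mode, so the request parameter alone cannot enable it. The surrounding query method starts and ends outside the hunk, so a guard further up or in the output code may already cover this; if so, a one-line comment on this line saying where the gate lives would save the next reader the search.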
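Review bot: In the mysql4.php `@@ -226,7 +228,7 @@` hunk the removed `str_replace('\\\'', '\'\'', $var)` only rewrote already-backslash-escaped quotes into doubled quotes, which suggests this code path previously expected callers to hand in pre-escaped strings; the new `$this->sql_escape($var)` escapes the raw value, so any caller that still pre-escapes will now produce doubly-escaped data. The same applies to the `@@ -247,7 +249,7 @@` hunk. Worth confirming against the callers, and adding a short comment on the `elseif (is_string($var))` branch such as `// $var must be the raw, unescaped value; sql_escape() does the quoting` so the contract is visible. `sql_escape` itself is not in the diff, so I cannot check that it uses the connection-aware escaping routine rather than a plain `addslashes`.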