diff --git a/libraries/classes/CreateAddField.php b/libraries/classes/CreateAddField.php
index 1020f10c3fe0..88c0afffe615 100644
--- a/libraries/classes/CreateAddField.php
+++ b/libraries/classes/CreateAddField.php
@@ -467,7 +467,7 @@ public function getTableCreationQuery(string $db, string $table): string
 if (! empty($_POST['tbl_storage_engine']) && ($_POST['tbl_storage_engine'] != 'Default') ) {
- $sqlQuery .= ' ENGINE = ' . $_POST['tbl_storage_engine'];
+ $sqlQuery .= ' ENGINE = ' . $this->dbi->escapeString($_POST['tbl_storage_engine']);
 }
 if (! empty($_POST['tbl_collation'])) {
 $sqlQuery .= Util::getCharsetQueryPart($_POST['tbl_collation']);
diff --git a/test/classes/CreateAddFieldTest.php b/test/classes/CreateAddFieldTest.php
index 74e12adab986..1d0dd5c9970f 100644
--- a/test/classes/CreateAddFieldTest.php
+++ b/test/classes/CreateAddFieldTest.php
@@ -114,6 +114,23 @@ public function providerGetTableCreationQuery()
 'spatial_indexes' => '{}',
 ],
 ],
+ [
+ 'CREATE TABLE `db`.`table` () ENGINE = Inno\\\'DB CHARSET=armscii8 COMMENT = \'my \\\'table\';',
+ 'db',
+ 'table',
+ [
+ 'field_name' => [],
+ 'primary_indexes' => '{}',
+ 'indexes' => '{}',
+ 'unique_indexes' => '{}',
+ 'fulltext_indexes' => '{}',
+ 'spatial_indexes' => '{}',
+ 'tbl_storage_engine' => 'Inno\'DB',
+ 'tbl_collation' => 'armscii8',
+ 'connection' => 'aaaa',
+ 'comment' => 'my \'table',
+ ],
+ ],
 ];
 }
diff --git a/test/classes/Dbi/DbiDummyTest.php b/test/classes/Dbi/DbiDummyTest.php
index 82de9d899f2d..b6279e8c23b4 100644
--- a/test/classes/Dbi/DbiDummyTest.php
+++ b/test/classes/Dbi/DbiDummyTest.php
@@ -147,5 +147,9 @@ public function testEscapeString(): void
 'a',
 $GLOBALS['dbi']->escapeString('a')
 );
+ $this->assertEquals(
+ 'a\\\'',
+ $GLOBALS['dbi']->escapeString('a\'')
+ );
 }
 }
diff --git a/test/classes/Stubs/DbiDummy.php b/test/classes/Stubs/DbiDummy.php
index a53586566d8b..2279cbd04daa 100644
--- a/test/classes/Stubs/DbiDummy.php
+++ b/test/classes/Stubs/DbiDummy.php
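Review bot: In `getTableCreationQuery` (libraries/classes/CreateAddField.php) the new `escapeString()` call escapes `$_POST['tbl_storage_engine']` but still concatenates it as a bare token after `ENGINE = `, and string escaping only protects a value that sits inside a quoted literal. Whitespace, keywords and punctuation other than quotes pass through unchanged, so the request can still shape the rest of the statement; the added provider case in test/classes/CreateAddFieldTest.php pins exactly that unquoted form (`ENGINE = Inno\'DB`). An engine name is an identifier from a small known set, so I would reject anything not in the server's engine list before appending, e.g. extend the condition with `&& in_array($_POST['tbl_storage_engine'], $knownEngines, true)` (`$knownEngines` is a placeholder for whatever list the project already loads), and have the test expect the clause to be omitted for an unknown name. The function body starts and ends outside this hunk, so how `Util::getCharsetQueryPart()` treats `tbl_collation` cannot be judged from here.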
@@ -434,7 +434,7 @@ public function fieldFlags($result, $i)
 */
 public function escapeString($link, $str)
 {
- return $str;
+ return addslashes($str);
 }
 /**
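Review bot: `DbiDummy::escapeString()` now returns `addslashes($str)`, which only approximates what a real connection does: it is not charset-aware and, presumably unlike the production driver, leaves `\n`, `\r` and `\x1a` untouched. Expected strings built on the stub (the new `escapeString('a\'')` assertion in DbiDummyTest.php and the `COMMENT = 'my \'table'` case in CreateAddFieldTest.php) therefore show that escaping is invoked, not that the resulting SQL is safe on a server. I would state that in the method's docblock, for example `Test-only approximation of the driver's escaping; not a substitute for injection coverage against a real connection.` The docblock and the rest of the class lie outside this hunk.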