diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php
index 5c2e2908eb..63e9506ad9 100644
--- a/phpBB/includes/acp/acp_database.php
+++ b/phpBB/includes/acp/acp_database.php
@@ -289,7 +289,7 @@ class acp_database
 // Remove from database
 $sql = "DELETE FROM " . $table_prefix . "backups
- WHERE filename = '" . $file_name . "';";
+ WHERE filename = '" . $db->sql_escape($file_name) . "';";
 $db->sql_query($sql);
 }
 catch (\Exception $e)
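Review bot: Escaping at this one DELETE closes the injection here, but the hunk shows neither where `$file_name` originates nor whether it is checked against the expected backup-file naming before it reaches the query. If the value is request-derived, any other statement in this file that concatenates a filename into a query on the `backups` table, and any filesystem or storage call made with the same variable, needs equivalent handling; that code is outside the hunk, so this is something to confirm rather than a finding. I would record the assumption above the query with a comment such as `// $file_name may be user-influenced: validate its format upstream, escape at every SQL sink`. The trailing `;` inside the SQL string is not needed, so the line could read `WHERE filename = '" . $db->sql_escape($file_name) . "'";`. The enclosing try block starts before the hunk and the catch body continues after it.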