diff --git a/ChangeLog b/ChangeLog
index 3a522c92e..df1988eff 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -83,6 +83,7 @@ $Id$
 + [core] Include Content Security Policy HTTP headers.
 
 3.3.4.0 (not yet released)
+- bug #2996161 [import] properly escape import value
 
 3.3.3.0 (not yet released)
 - patch #2982480 [navi] Do not group if there would be one table in group,
diff --git a/libraries/import.lib.php b/libraries/import.lib.php
index 8ef32494d..cd50694af 100644
--- a/libraries/import.lib.php
+++ b/libraries/import.lib.php
@@ -989,7 +989,7 @@ function PMA_buildSQL($db_name, &$tables, &$analyses = NULL, &$additional_sql =
                 }
                 
                 $tempSQLStr .= (($is_varchar) ? "'" : "");
-				$tempSQLStr .= (str_replace("'", "\'", (string)$tables[$i][ROWS][$j][$k]));
+				$tempSQLStr .= PMA_sqlAddslashes((string)$tables[$i][ROWS][$j][$k]);
 				$tempSQLStr .= (($is_varchar) ? "'" : "");
                 
 				if ($k != ($num_cols - 1)) {