diff --git a/product/ERP5Catalog/CatalogTool.py b/product/ERP5Catalog/CatalogTool.py
index 556ff300d45158fad0075a33f81eb5e1b11ded66..ed3b36488b7a15993ead696b7d66827b804901ff 100644
--- a/product/ERP5Catalog/CatalogTool.py
+++ b/product/ERP5Catalog/CatalogTool.py
@@ -49,7 +49,7 @@ from MethodObject import Method
 
 from Products.ERP5Security import mergedLocalRoles
 from Products.ERP5Security.ERP5UserManager import SUPER_USER
-from Products.ERP5Type.Utils import sqlquote
+from Products.ZSQLCatalog.Utils import sqlquote
 
 import warnings
 from zLOG import LOG, PROBLEM, WARNING, INFO
diff --git a/product/ERP5Type/Utils.py b/product/ERP5Type/Utils.py
index 3d9a09c8e8f1a5d593b2b2680c5f88e9c8d5b2a1..5d74734f9e190392f1ab764d807385bc784f5e54 100644
--- a/product/ERP5Type/Utils.py
+++ b/product/ERP5Type/Utils.py
@@ -1489,28 +1489,6 @@ def mergeZRDBResults(results, key_column, edit_result):
       for row in data
     ]))
 
-#####################################################
-# SQL text escaping
-#####################################################
-def sqlquote(x):
-  """
-  Escape data suitable for inclusion in generated ANSI SQL92 code for
-  cases where bound variables are not suitable.
-
-  Inspired from zope/app/rdb/__init__.py:sqlquote, modified to:
-   - use isinstance instead of type equality
-   - use string member methods instead of string module
-  """
-  if isinstance(x, basestring):
-    x = "'" + x.replace('\\', '\\\\').replace("'", "''") + "'"
-  elif isinstance(x, (int, long, float)):
-    pass
-  elif x is None:
-    x = 'NULL'
-  else:
-    raise TypeError, 'do not know how to handle type %s' % type(x)
-  return x
-
 #####################################################
 # Hashing
 #####################################################
diff --git a/product/ZSQLCatalog/Operator/OperatorBase.py b/product/ZSQLCatalog/Operator/OperatorBase.py
index e4b6eb50150339c55f3cfabc072ba0ec914f5b93..1f0ca81cbfb60618ed19e33bb07569de2df701b5 100644
--- a/product/ZSQLCatalog/Operator/OperatorBase.py
+++ b/product/ZSQLCatalog/Operator/OperatorBase.py
@@ -30,13 +30,10 @@
 
 from zLOG import LOG
 from Products.ZSQLCatalog.interfaces.operator import IOperator
+from Products.ZSQLCatalog.Utils import sqlquote as escapeString
 from zope.interface.verify import verifyClass
 from zope.interface import implements
 
-def escapeString(value):
-  # Inspired from ERP5Type/Utils:sqlquote, but this product must not depend on it.
-  return "'" + value.replace('\\', '\\\\').replace("'", "''") + "'"
-
 def valueFloatRenderer(value):
   if isinstance(value, basestring):
     value = float(value.replace(' ', ''))
diff --git a/product/ZSQLCatalog/Utils.py b/product/ZSQLCatalog/Utils.py
new file mode 100644
index 0000000000000000000000000000000000000000..734bb45e0c8ab79775004c83e6faec29b1358bb1
--- /dev/null
+++ b/product/ZSQLCatalog/Utils.py
@@ -0,0 +1,44 @@
+##############################################################################
+#
+# Copyright (c) 2015 Nexedi SA and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsability of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# garantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+
+def sqlquote(value):
+  # See MySQL documentation of string literals.
+  # XXX: should use sql_quote__ on actual connector
+  # (ex: ZMySQLDA.DA.Connection.sql_quote__).
+  # Duplicating such code is error-prone, and makes us rely on a specific SQL
+  # dialect...
+  return "'" + (value
+    .replace('\x5c', r'\\')
+    .replace('\x00', r'\0')
+    .replace('\x08', r'\b')
+    .replace('\x09', r'\t')
+    .replace('\x0a', r'\n')
+    .replace('\x0d', r'\r')
+    .replace('\x1a', r'\Z')
+    .replace('\x22', r'\"')
+    .replace('\x27', r"\'")
+  ) + "'"