diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 4028ec4f8..a1ea26434 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -55,6 +55,7 @@ from lib.core.exception import sqlmapSilentQuitException
 from lib.core.exception import sqlmapUserQuitException
 from lib.core.settings import CONSTANT_RATIO
 from lib.core.settings import FORMAT_EXCEPTION_STRINGS
+from lib.core.settings import HEURISTIC_CHECK_ALPHABET
 from lib.core.settings import SUHOSHIN_MAX_VALUE_LENGTH
 from lib.core.settings import UNKNOWN_DBMS_VERSION
 from lib.core.settings import LOWER_RATIO_BOUND
@@ -670,7 +671,11 @@ def heuristicCheckSqlInjection(place, parameter):
     if conf.suffix:
         suffix = conf.suffix
-    payload = "%s%s%s" % (prefix, randomStr(length=10, alphabet=['"', '\'', ')', '(']), suffix)
+    randStr = ""
+    while '\'' not in randStr:
+        randStr = randomStr(length=10, alphabet=HEURISTIC_CHECK_ALPHABET)
+
+    payload = "%s%s%s" % (prefix, randStr, suffix)
     payload = agent.payload(place, parameter, newValue=payload)
     page, _ = Request.queryPage(payload, place, content=True, raise404=False)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 7d77a128c..7cc558dc5 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -435,6 +435,9 @@ MAX_DNS_LABEL = 63
 # Alphabet used for prefix and suffix strings of name resolution requests in DNS technique (excluding hexadecimal chars for not mixing with inner content)
 DNS_BOUNDARIES_ALPHABET = re.sub("[a-fA-F]", "", string.letters)
+# Alphabet used for heuristic checks
+HEURISTIC_CHECK_ALPHABET = ('"', '\'', ')', '(', '[', ']', ',', '.')
+
 # Connection chunk size (processing large responses in chunks to avoid MemoryError crashes - e.g. large table dump in full UNION injections)
 MAX_CONNECTION_CHUNK_SIZE = 10 * 1024 * 1024
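Review bot: The new `while '\'' not in randStr:` loop in heuristicCheckSqlInjection terminates only because HEURISTIC_CHECK_ALPHABET, introduced in the lib/core/settings.py hunk of this same commit, happens to contain a single quote; neither site records that dependency, so removing the quote from the tuple in a later edit would turn the heuristic check into an infinite loop. I would state the invariant next to the loop, e.g. `# HEURISTIC_CHECK_ALPHABET must contain a single quote, otherwise this loop never ends`, and extend the settings.py comment to `# Alphabet used for heuristic checks (must keep the single quote - see heuristicCheckSqlInjection())`. The retry is also unbounded in principle, although with an 8-character alphabet and length 10 each draw lacks a quote only about (7/8)^10, roughly 26% of the time, so it normally finishes within one or two iterations; if a deterministic form is preferred, draw nine characters and splice a quote in at a random index, which needs `random` (or an equivalent helper) in scope. heuristicCheckSqlInjection starts and ends outside the hunk.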