diff --git a/lib/core/common.py b/lib/core/common.py
index 457d1b048..c3951b33b 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1564,8 +1564,8 @@ def safeStringFormat(format_, params):
     """
     Avoids problems with inappropriate string format strings
 
-    >>> safeStringFormat('foobar%d%s', ('1', 2))
-    u'foobar12'
+    >>> safeStringFormat('SELECT foo FROM %s LIMIT %d', ('bar', '1'))
+    u'SELECT foo FROM bar LIMIT 1'
     """
 
     if format_.count(PAYLOAD_DELIMITER) == 2:
diff --git a/tamper/unmagicquotes.py b/tamper/unmagicquotes.py
index d56136f7f..b37f6c0eb 100644
--- a/tamper/unmagicquotes.py
+++ b/tamper/unmagicquotes.py
@@ -26,7 +26,7 @@ def tamper(payload, **kwargs):
         * http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string
 
     >>> tamper("1' AND 1=1")
-    '1%bf%27 AND 1=1-- '
+    '1%bf%27-- '
     """
 
     retVal = payload
@@ -44,9 +44,10 @@ def tamper(payload, **kwargs):
                 continue
 
         if found:
-            _ = re.sub("(?i)\s*(AND|OR)[\s(]+'[^']+'\s*(=|LIKE)\s*'.*", "", retVal)
+            _ = re.sub(r"(?i)\s*(AND|OR)[\s(]+([^\s]+)\s*(=|LIKE)\s*\2", "", retVal)
             if _ != retVal:
                 retVal = _
                 retVal += "-- "
-
+            elif not any(_ in retVal for _ in ('#', '--', '/*')):
+                retVal += "-- "
     return retVal