Prefix and Suffix not using a backslash

[uBadRequest]

Describe the bug
The prefix and suffix is changing backslashes to __BACKSLASH

To Reproduce

1. Run 'sqlmap -u 'http://docker.hackthebox.eu:30444/?obj=eyJJRCI6IjEifQo=' --base64=obj --prefix='{"ID":"' --suffix='"}' -v 5'
2. Decode base64 encoded parameter and you'll see the backslashes are changed to __BACKSLASH

Expected behavior
{"ID":"{"ID":"'UNION SELECT * FROM (SELECT 1)a JOIN (SELECT 1)b#"}"}
I wanted sqlmap to place payloads where "UNION SELECT * FROM (SELECT 1)a JOIN (SELECT 1)b#" is and figured I could use prefixes to accomplish this.

Screenshots
If applicable, add screenshots to help explain your problem.

Running environment:

• sqlmap version [1.4.5.27#dev]
• Installation method [git]
• Operating system: [Debian Linux]
• Python version [3.8.3]

Target details:

• DBMS [MySQL]
• SQLi techniques found by sqlmap [e.g. error-based and boolean-based blind]
• WAF/IPS [if any]
• Relevant console output [if any]
• Exception traceback [if any]

Additional context
Challenge EZPZ on hackthebox

[uBadRequest]

Sorry! Just realized I didn't place the prefix and suffix in a code box so it removed the backslash.
--base64=obj --prefix='{\"ID\":\"' --suffix='\"}' -v 5

Anyways I found another way to do this!

[uBadRequest]

{"ID":"' UNION SELECT * from (SELECT 1)a JOIN (SELECT * from information_schema.tables)b#"}

Kept saying... Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, bool given in /var/www/html/index.php on line 34

Had to do it manually.

[stamparm]

I patched it with the latest revision, though, I am not sure that you are doing this properly. That same error doesn't prove nor say anything more than that MySQL is not "spitting" anything useful as a result

[uBadRequest]

What I meant was the way you had to do the injection was include 1 as a mysqli_result, and then use mysql.innodb_index_stats instead of information_schema to get the tables/database name. Does sqlmap not use that method of retrieving database/table names? It said it found an injection but could never get the table/database names

[stamparm]

It uses both system tables for such retrieval (https://github.com/sqlmapproject/sqlmap/blob/master/data/xml/queries.xml#L54-L57). You are now all of a sudden speaking about totally unrelated stuff