diff --git a/htdocs/core/db/mysql.class.php b/htdocs/core/db/mysql.class.php
index 89c8885d74a..fd83f876f64 100644
--- a/htdocs/core/db/mysql.class.php
+++ b/htdocs/core/db/mysql.class.php
@@ -800,8 +800,8 @@ class DoliDBMysql
 		if (empty($collation)) $collation=$this->forcecollate;
 
 		// ALTER DATABASE dolibarr_db DEFAULT CHARACTER SET latin DEFAULT COLLATE latin1_swedish_ci
-		$sql = 'CREATE DATABASE '.$database;
-		$sql.= ' DEFAULT CHARACTER SET '.$charset.' DEFAULT COLLATE '.$collation;
+        $sql = "CREATE DATABASE '".$this->escape($database)."'";
+        $sql.= " DEFAULT CHARACTER SET '".$this->escape($charset)."' DEFAULT COLLATE '".$this->escape($collation)."'";
 
 		dol_syslog($sql,LOG_DEBUG);
 		$ret=$this->query($sql);
diff --git a/htdocs/core/db/mysqli.class.php b/htdocs/core/db/mysqli.class.php
index 82496a9e3cd..8d19617555f 100644
--- a/htdocs/core/db/mysqli.class.php
+++ b/htdocs/core/db/mysqli.class.php
@@ -794,8 +794,8 @@ class DoliDBMysqli
         if (empty($collation)) $collation=$this->forcecollate;
 
         // ALTER DATABASE dolibarr_db DEFAULT CHARACTER SET latin DEFAULT COLLATE latin1_swedish_ci
-        $sql = 'CREATE DATABASE '.$database;
-        $sql.= ' DEFAULT CHARACTER SET '.$charset.' DEFAULT COLLATE '.$collation;
+        $sql = "CREATE DATABASE '".$this->escape($database)."'";
+        $sql.= " DEFAULT CHARACTER SET '".$this->escape($charset)."' DEFAULT COLLATE '".$this->escape($collation)."'";
 
         dol_syslog($sql,LOG_DEBUG);
         $ret=$this->query($sql);