From 65a138ebd5c06f87e1c56bea2fda0a253d427ee9 Mon Sep 17 00:00:00 2001
From: Pradeep Nayak
Date: Tue, 25 Aug 2015 02:45:29 +0530
Subject: [PATCH] CRM-16617, used safe approach method to generate create database query
----------------------------------------
* CRM-16617: https://issues.civicrm.org/jira/browse/CRM-16617
---
 install/index.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/install/index.php b/install/index.php
index 354fc51cd7..87a45d6d4a 100644
--- a/install/index.php
+++ b/install/index.php
@@ -1096,7 +1096,8 @@ class InstallRequirements {
 return;
 }
 else {
- if (@mysql_query("CREATE DATABASE $database")) {
+ $query = sprintf("CREATE DATABASE %s", mysql_real_escape_string($database));
+ if (@mysql_query($query)) {
 $okay = ts("Able to create a new database.");
 }
 else {
@@ -1228,8 +1229,8 @@ class Installer extends InstallRequirements {
 // skip if database already present
 return;
 }
-
- if (@mysql_query("CREATE DATABASE $database")) {
+ $query = sprintf("CREATE DATABASE %s", mysql_real_escape_string($database));
+ if (@mysql_query($query)) {
 }
 else {
 $errorTitle = ts("Oops! Could not create database %1", array(1 => $database));
-- 
2.25.1
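Review bot: `mysql_real_escape_string()` escapes for a quoted string literal, but the `%s` in `sprintf("CREATE DATABASE %s", ...)` is an unquoted identifier, so in both hunks (the `InstallRequirements` one and the `Installer` one) the database name is still not safely delimited. Backticks, spaces, hyphens and semicolons pass through unchanged, which means a legitimate name such as one containing a hyphen still fails and the statement's structure still depends on the input. Handle the value as an identifier instead: either reject anything outside an allowlist before building the query, e.g. `if (!preg_match('/^[0-9A-Za-z_]+$/', $database)) { /* report invalid database name */ }`, or wrap the name in backticks with any embedded backtick doubled. The escape call also needs a live MySQL link and returns `FALSE` without one, and the `@` on `mysql_query()` would hide that failure; the connection setup is presumably earlier in these methods, both of which start and end outside the hunks, so this should be confirmed there.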