diff --git a/phpBB/phpbb/config/db.php b/phpBB/phpbb/config/db.php
index 4efe0d2810..5c20bb5ec9 100644
--- a/phpBB/phpbb/config/db.php
+++ b/phpBB/phpbb/config/db.php
@@ -170,8 +170,8 @@ class db extends config
 if (!isset($this->config[$key]))
 {
 $sql = 'INSERT INTO ' . $this->table . ' ' . $this->db->sql_build_array('INSERT', array(
- 'config_name' => $key,
- 'config_value' => $new_value,
+ 'config_name' => $this->db->sql_escape($key),
+ 'config_value' => $this->db->sql_escape($new_value),
 'is_dynamic' => ($use_cache) ? 0 : 1));
 $this->db->sql_query($sql);
 }
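Review bot: The two added `$this->db->sql_escape()` calls wrap values that are then passed to `$this->db->sql_build_array('INSERT', ...)`, which in phpBB's DBAL already quotes and escapes string values, so this looks like double escaping rather than added protection. The body of `sql_build_array()` is not part of this hunk, so please confirm, but if it holds, a key or value containing a quote or backslash would be stored with the escape characters in it and would no longer match what `$this->config[$key]` holds in memory. I would keep the array entries as `'config_name' => $key,` and `'config_value' => $new_value,` and leave escaping to the single boundary in `sql_build_array()`. A test that sets a new config value containing `'` and reads it back from the table would show which behaviour is right. The enclosing method starts and ends outside this hunk, so any UPDATE path for existing keys is not visible here and should be checked for the same pattern.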