diff --git a/adminer/database.inc.php b/adminer/database.inc.php
index 0827c638..f3399dee 100644
--- a/adminer/database.inc.php
+++ b/adminer/database.inc.php
@@ -28,7 +28,7 @@ if ($_POST && !$error && !isset($_POST["add_x"])) { // add is an image and PHP c
 		if (!$_POST["collation"]) {
 			redirect(substr(ME, 0, -1));
 		}
-		query_redirect("ALTER DATABASE " . idf_escape($_POST["name"]) . " COLLATE " . q($_POST["collation"]), substr(ME, 0, -1), lang('Database has been altered.'));
+		query_redirect("ALTER DATABASE " . idf_escape($_POST["name"]) . " COLLATE $_POST[collation]", substr(ME, 0, -1), lang('Database has been altered.')); //! SQL injection - quotes are not allowed in MS SQL 2005
 	}
 }
 
diff --git a/adminer/drivers/mssql.inc.php b/adminer/drivers/mssql.inc.php
index 11992825..03369a5a 100644
--- a/adminer/drivers/mssql.inc.php
+++ b/adminer/drivers/mssql.inc.php
@@ -383,7 +383,7 @@ WHERE OBJECT_NAME(i.object_id) = " . q($table)
 	}
 
 	function create_database($db, $collation) {
-		return queries("CREATE DATABASE " . idf_escape($db) . ($collation ? " COLLATE " . idf_escape($collation) : ""));
+		return queries("CREATE DATABASE " . idf_escape($db) . ($collation ? " COLLATE $collation" : ""));
 	}
 	
 	function drop_databases($databases) {
@@ -392,7 +392,7 @@ WHERE OBJECT_NAME(i.object_id) = " . q($table)
 	
 	function rename_database($name, $collation) {
 		if ($collation) {
-			queries("ALTER DATABASE " . idf_escape(DB) . " COLLATE " . idf_escape($collation));
+			queries("ALTER DATABASE " . idf_escape(DB) . " COLLATE $collation");
 		}
 		queries("ALTER DATABASE " . idf_escape(DB) . " MODIFY NAME = " . idf_escape($name));
 		return true; //! false negative "The database name 'test2' has been set."