diff --git a/adminer/user.inc.php b/adminer/user.inc.php
index 4cabe8f7..78e5674b 100644
--- a/adminer/user.inc.php
+++ b/adminer/user.inc.php
@@ -111,7 +111,7 @@ if ($_POST) {
 	if ($old_pass != "") {
 		$row["hashed"] = true;
 	}
-	$grants[DB != "" && !isset($_GET["host"]) ? idf_escape($_GET["db"]) . ".*" : ""] = array();
+	$grants[DB != "" && !isset($_GET["host"]) ? idf_escape(addcslashes(DB, "%_")) . ".*" : ""] = array();
 }
 
 ?>