diff --git a/functions.inc.php b/functions.inc.php
index fb0e33f5..c172612c 100644
--- a/functions.inc.php
+++ b/functions.inc.php
@@ -1101,7 +1101,7 @@ function pacrypt ($pw, $pw_db="") {
     elseif ($CONF['encrypt'] == 'mysql_encrypt') {
         $pw = escape_string($pw);
         if ($pw_db!="") {
-            $salt=substr($pw_db,0,2);
+            $salt=escape_string(substr($pw_db,0,2));
             $res=db_query("SELECT ENCRYPT('".$pw."','".$salt."');");
         } else {
             $res=db_query("SELECT ENCRYPT('".$pw."');");