diff --git a/includes/database.php b/includes/database.php
index a34407f..6824bca 100644
--- a/includes/database.php
+++ b/includes/database.php
@@ -2,12 +2,28 @@
 namespace Kabano;
+function sql_escape_connection_value($value) {
+ $value = (string)$value;
+ $value = str_replace(['\\', "'"], ['\\\\', "\\'"], $value);
+ return "'".$value."'";
+}
+
 function sql_connect() {
 global $config;
- return pg_connect(
- "host=".$config['SQL_host']." dbname=".$config['SQL_db']." user=".$config['SQL_user']." password=".$config['SQL_pass']
- ) or die ("Could not connect to server\n");
+ $connection = "host=".sql_escape_connection_value($config['SQL_host'])
+ ." dbname=".sql_escape_connection_value($config['SQL_db'])
+ ." user=".sql_escape_connection_value($config['SQL_user'])
+ ." password=".sql_escape_connection_value($config['SQL_pass']);
+
+ $con = @pg_connect($connection);
+ if (!$con) {
+ $error = error_get_last();
+ $message = $error && isset($error['message']) ? $error['message'] : "unknown error";
+ die("Could not connect to server: ".$message."\n");
+ }
+
+ return $con;
 }
 ?>
diff --git a/models/d.locales.php b/models/d.locales.php
index f908a1c..546d635 100755
--- a/models/d.locales.php
+++ b/models/d.locales.php
@@ -1,4 +1,4 @@
-
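Review bot: The `die("Could not connect to server: ".$message."\n")` line in sql_connect() now forwards libpq's failure text to whoever triggered the request, and in a web context that text typically names the host, port, database and user and says whether the failure was connectivity or authentication — detail the original message did not expose. Keep the detail server-side and the response generic, e.g. `error_log("pg_connect failed: ".$message);` followed by `die("Could not connect to server\n");`. Because `@pg_connect` relies on error_get_last(), also call `error_clear_last();` immediately before it so a warning raised earlier in the request is not reported as the connection error. The escaping in sql_escape_connection_value looks right for libpq single-quoted values (backslash replaced first, then the quote), though a `function sql_escape_connection_value(string $value): string` signature would state that contract more clearly than the bare `(string)` cast.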