diff --git a/typo3/sysext/install/Classes/Controller/InstallerController.php b/typo3/sysext/install/Classes/Controller/InstallerController.php
index 89b8cf0986fc9b9b5fe55b8fe5599183566116e4..1f1f28f18eba58b1389b3c70af169e48a18d79ee 100644
--- a/typo3/sysext/install/Classes/Controller/InstallerController.php
+++ b/typo3/sysext/install/Classes/Controller/InstallerController.php
@@ -667,10 +667,11 @@ class InstallerController
         if ($success === false) {
             // remove the database again if we created it
             if ($request->getParsedBody()['install']['values']['type'] === 'new') {
-                GeneralUtility::makeInstance(ConnectionPool::class)
-                    ->getConnectionByName(ConnectionPool::DEFAULT_CONNECTION_NAME)
+                $connection = GeneralUtility::makeInstance(ConnectionPool::class)
+                    ->getConnectionByName(ConnectionPool::DEFAULT_CONNECTION_NAME);
+                $connection
                     ->getSchemaManager()
-                    ->dropDatabase($databaseName);
+                    ->dropDatabase($connection->quoteIdentifier($databaseName));
             }
 
             $this->configurationManager->removeLocalConfigurationKeysByPath(['DB/Connections/Default/dbname']);
@@ -1210,9 +1211,14 @@ For each website you need a TypoScript template on the main page of your website
             $platform = GeneralUtility::makeInstance(ConnectionPool::class)
                 ->getConnectionByName(ConnectionPool::DEFAULT_CONNECTION_NAME)
                 ->getDatabasePlatform();
-            GeneralUtility::makeInstance(ConnectionPool::class)
-                ->getConnectionByName(ConnectionPool::DEFAULT_CONNECTION_NAME)
-                ->exec(PlatformInformation::getDatabaseCreateStatementWithCharset($platform, $dbName));
+            $connection = GeneralUtility::makeInstance(ConnectionPool::class)
+                ->getConnectionByName(ConnectionPool::DEFAULT_CONNECTION_NAME);
+            $connection->exec(
+                PlatformInformation::getDatabaseCreateStatementWithCharset(
+                    $platform,
+                    $connection->quoteIdentifier($dbName)
+                )
+            );
             $this->configurationManager
                 ->setLocalConfigurationValueByPath('DB/Connections/Default/dbname', $dbName);
         } catch (DBALException $e) {
diff --git a/typo3/sysext/install/Classes/SystemEnvironment/DatabaseCheck/Platform/MySql.php b/typo3/sysext/install/Classes/SystemEnvironment/DatabaseCheck/Platform/MySql.php
index 96659cd41c7ceda63f693b282b3b04da471e9701..330b61b4404c02a0626fbe35fc58eddde186e5e8 100644
--- a/typo3/sysext/install/Classes/SystemEnvironment/DatabaseCheck/Platform/MySql.php
+++ b/typo3/sysext/install/Classes/SystemEnvironment/DatabaseCheck/Platform/MySql.php
@@ -219,4 +219,31 @@ class MySql extends AbstractPlatform
             ));
         }
     }
+
+    /**
+     * Validate the database name
+     *
+     * @param string $databaseName
+     * @return bool
+     */
+    public static function isValidDatabaseName(string $databaseName): bool
+    {
+        return strlen($databaseName) <= static::SCHEMA_NAME_MAX_LENGTH && preg_match('/^[\x{0001}-\x{FFFF}]*$/u', $databaseName);
+    }
+
+    protected function checkDatabaseName(Connection $connection): void
+    {
+        if (static::isValidDatabaseName($connection->getDatabase())) {
+            return;
+        }
+
+        $this->messageQueue->enqueue(
+            new FlashMessage(
+                'The given database name must not be longer than ' . static::SCHEMA_NAME_MAX_LENGTH . ' characters'
+                . ' and consist of the Unicode Basic Multilingual Plane (BMP), except U+0000',
+                'Database name not valid',
+                FlashMessage::ERROR
+            )
+        );
+    }
 }