diff --git a/install.php b/install.php
index e4b029040..1d05fd734 100644
--- a/install.php
+++ b/install.php
@@ -266,6 +266,15 @@ if (isset($_POST['install']))
 
   pwg_db_check_charset();
 
+  if (
+    strlen($prefixeTable) > 20
+    or preg_match('/^\d/', $prefixeTable)
+    or !preg_match('/^[a-zA-Z0-9_$]*$/u', $prefixeTable)
+  )
+  {
+    $errors[] = 'invalid table prefix';
+  }
+
   $webmaster = trim(preg_replace('/\s{2,}/', ' ', $admin_name));
   if (empty($webmaster))
   {