diff --git a/create.inc.php b/create.inc.php index 31ddda7f..67d9f54f 100644 --- a/create.inc.php +++ b/create.inc.php @@ -73,7 +73,7 @@ if ($_POST) { $row["fields"][$row["auto_increment"] - 1]["auto_increment"] = true; } } elseif (strlen($_GET["create"])) { - $result = $mysql->query("SHOW TABLE STATUS LIKE '" . $mysql->escape_string($_GET["create"]) . "'"); + $result = table_status($_GET["create"]); $row = $result->fetch_assoc(); $row["name"] = $_GET["create"]; $row["fields"] = array_values(fields($_GET["create"])); diff --git a/functions.inc.php b/functions.inc.php index ed9e3b88..fb13011a 100644 --- a/functions.inc.php +++ b/functions.inc.php @@ -40,6 +40,11 @@ function get_vals($query) { return $return; } +function table_status($table) { + global $mysql; + return $mysql->query("SHOW TABLE STATUS LIKE '" . $mysql->escape_string(addcslashes($table, "%_")) . "'"); +} + function fields($table) { global $mysql; $return = array(); diff --git a/table.inc.php b/table.inc.php index ba116467..25380260 100644 --- a/table.inc.php +++ b/table.inc.php @@ -51,7 +51,7 @@ if (!$result) { } if ($mysql->server_info >= 5) { - $result = $mysql->query("SHOW TRIGGERS LIKE '" . $mysql->escape_string($_GET["table"]) . "'"); + $result = $mysql->query("SHOW TRIGGERS LIKE '" . $mysql->escape_string(addcslashes($_GET["table"], "%_")) . "'"); if ($result->num_rows) { echo "
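Review bot: The result of `table_status($_GET["create"])` is dereferenced on the next line without a check. If `$mysql` is a mysqli connection, as the method names suggest, a failed query returns `false` and `$result->fetch_assoc()` becomes a fatal error. A name that matches no table gives a `null` row, which the following `$row["name"]` and `$row["fields"]` assignments silently turn into an array. Because the name comes straight from the request, a guard such as `if ($result && ($row = $result->fetch_assoc())) {` around those assignments would stop a stale or mistyped link from rendering an edit form for a table that does not exist. The `$result->num_rows` read after `SHOW TRIGGERS` in table.inc.php is unchecked in the same way, and the enclosing `if ($_POST) { … } elseif` block starts and ends outside this hunk.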
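Review bot: In `table_status()` the charlist given to `addcslashes()` covers `%` and `_` but not the backslash, which is the default LIKE escape character. A request-supplied name containing `\` is therefore still read as pattern syntax instead of matching itself. Extending the list, `addcslashes($table, "%_\\")`, makes the pattern an exact match for any name, and the inline `SHOW TRIGGERS LIKE` call in table.inc.php needs the same change. This assumes the server uses the default backslash escape, which the diff does not show. The function would also benefit from a one-line comment stating that `$table` is a raw table name matched literally and that the return value is the query result or `false`.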

" . lang('Triggers') . "

\n"; echo "\n";
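Review bot: The `addcslashes($_GET["table"], "%_")` wrapping is written inline here instead of being shared with `table_status()` in functions.inc.php. Any later correction to how LIKE patterns are escaped then has to be made in two places. A small helper next to `table_status()` that returns the escaped pattern, called from both statements, would keep the rule for request-supplied names in one spot. The surrounding `if ($mysql->server_info >= 5)` block continues outside the hunk.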