diff --git a/admin/system/database.php b/admin/system/database.php
index 73f4f61..9241c14 100644
--- a/admin/system/database.php
+++ b/admin/system/database.php
@@ -50,7 +50,10 @@ if ($operation == 'export') {
 $submit = true;
 DB::query('SET SQL_QUOTE_SHOW_CREATE=0', 'SILENT');
 if (!$_GET['filename'] || preg_match("/(\.)(exe|jsp|asp|aspx|cgi|fcgi|pl)(\.|$)/i", $_GET['filename'])) {
- cpmsg('database_export_filename_invalid', '', 'error');
+ showmessage('database_export_filename_invalid');
+ }
+ if(!preg_match("/^[a-zA-Z0-9_]+$/i",$_GET['filename'])){
+ showmessage('database_export_filename_invalid');
 }
 $time = dgmdate(TIMESTAMP);
@@ -58,12 +61,18 @@ if ($operation == 'export') {
 $tables = arraykeys2(fetchtablelist($tablepre), 'Name');
 } elseif ($_GET['type'] == 'custom') {
 $tables = array();
+ $alltables= arraykeys2(fetchtablelist($tablepre), 'Name');
 if (empty($_GET['setup'])) {
 $tables = C::t('setting') -> fetch('custombackup', true);
 } else {
 C::t('setting') -> update('custombackup', empty($_GET['customtables']) ? '' : $_GET['customtables']);
 $tables = &$_GET['customtables'];
 }
+
+ //验证表名是否正确
+ foreach($tables as $key => $table){
+ if(!in_array($table,$alltabls)) unset($tables[$key]);
 }
 if (!is_array($tables) || empty($tables)) {
 showmessage('database_export_custom_invalid');
 }
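Review bot: The added whitelist `/^[a-zA-Z0-9_]+$/i` still accepts a filename that ends in a newline, because `$` matches before a trailing `\n` unless the pattern is anchored with `\z` or given the `D` modifier; since this value is being restricted precisely so it cannot carry an unexpected suffix, use `if (!preg_match("/^[a-zA-Z0-9_]+$/D", $_GET['filename'])) {` (the `i` flag is redundant once both letter ranges are listed). With that whitelist in place the extension blacklist on the line above can no longer match anything and could be dropped rather than maintained. Whether showmessage() ends the request the way cpmsg() did is not visible here; if it returns, the export carries on with the rejected filename, so confirm it exits. The enclosing `if ($operation == 'export')` block starts and ends outside this hunk.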
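Review bot: `$alltabls` on the in_array line is a typo for the `$alltables` populated a few lines earlier, so the haystack is always undefined: in_array() on null warns on PHP 7 (TypeError on PHP 8) and returns false, every entry is unset, and every custom export lands in `database_export_custom_invalid`. Use the real variable with strict comparison, `if (!in_array($table, $alltables, true)) unset($tables[$key]);`, since the names are compared as strings against the server's table list. The loop also runs before the `is_array($tables)` guard below it, and `$tables` is either a stored setting or `$_GET['customtables']` by reference, so a scalar value warns inside foreach before it is rejected; move the `is_array` check ahead of the loop and keep an `empty()` check after it, because the loop can empty the array. The enclosing block starts and ends outside this hunk.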
@@ -76,7 +85,7 @@ if ($operation == 'export') {
 }
 $volume = intval($_GET['volume']) + 1;
- $idstring = '# Identify: ' . base64_encode("$_G[timestamp]," . $_G['setting']['version'] . ",{$_GET['type']},{$_GET['method']},{$volume},{$tablepre},{$dbcharset}") . "\n";
+ $idstring = '# Identify: ' . base64_encode($_G['timestamp']."," . $_G['setting']['version'] . "," .$_GET['type']."," .$_GET['method']."," .$volume."," .$tablepre."," .$dbcharset) . "\n";
 $dumpcharset = $_GET['sqlcharset'] ? $_GET['sqlcharset'] : str_replace('-', '', $_G['charset']);
 $setnames = ($_GET['sqlcharset'] && $db -> version() > '4.1' && (!$_GET['sqlcompat'] || $_GET['sqlcompat'] == 'MYSQL41')) ? "SET NAMES '$dumpcharset';\n\n" : '';
@@ -490,7 +499,7 @@ function sqldumptablestruct($table) {
 }
 $tablestatus = DB::fetch_first("SHOW TABLE STATUS LIKE '$table'");
- $tabledump .= ($tablestatus['Auto_increment'] ? " AUTO_INCREMENT=$tablestatus[Auto_increment]" : ''). ";\n\n";
+ $tabledump .= ($tablestatus['Auto_increment'] ? " AUTO_INCREMENT=$tablestatus['Auto_increment']" : ''). ";\n\n";
 if ($_GET['sqlcompat'] == 'MYSQL40' && $db -> version() >= '4.1' && $db -> version() < '5.1') {
 if ($tablestatus['Auto_increment'] <> '') {
 $temppos = strpos($tabledump, ',');
@@ -531,7 +540,7 @@ function sqldumptable($table, $startfrom = 0, $currsize = 0) {
 if ($_GET['extendins'] == '0') {
 while ($currsize + strlen($tabledump) + 500 < $_GET['sizelimit'] * 1000 && $numrows == $offset) {
 if ($firstfield['Extra'] == 'auto_increment') {
- $selectsql = "SELECT * FROM $table WHERE $firstfield[Field] > $startfrom ORDER BY $firstfield[Field] LIMIT $offset";
+ $selectsql = "SELECT * FROM $table WHERE$firstfield['Field']> $startfrom ORDER BY$firstfield['Field']LIMIT $offset";
 } else {
 $selectsql = "SELECT * FROM $table LIMIT $startfrom, $offset";
 }
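Review bot: `$_GET['type']` and `$_GET['method']` go into the Identify header exactly as received, and the rewrite to concatenation keeps that; if whatever reads this header later splits it on commas (not visible here), a comma in either value shifts every following field, including tablepre and charset. Validate both against the values the export branches actually accept before the line is built, rather than after the dump exists. Apart from that the concatenated form is equivalent to the old interpolated one. The enclosing block starts and ends outside this hunk.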
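Review bot: The new `" AUTO_INCREMENT=$tablestatus['Auto_increment']"` is a parse error: inside a double-quoted string PHP's simple interpolation takes only an unquoted key (`$arr[key]`, which is what the old line had), and a quoted key must be wrapped in braces. Because it is a compile-time error the whole file fails to load, so every admin database operation breaks, not just this branch. Write `" AUTO_INCREMENT={$tablestatus['Auto_increment']}"`; the same construct is repeated in the two sqldumptable hunks below. sqldumptablestruct starts and ends outside this hunk.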
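Review bot: The rewritten SELECT is a parse error, since `$firstfield['Field']` with a quoted key cannot appear unbraced in a double-quoted string, and even once fixed it has lost the spaces around the column name, which would yield SQL like `WHEREid> 0 ORDER BYid LIMIT`. Restore the spacing and brace the key: `$selectsql = "SELECT * FROM $table WHERE {$firstfield['Field']} > $startfrom ORDER BY {$firstfield['Field']} LIMIT $offset";`. The table and column names are still interpolated bare; they presumably come from the server's own metadata rather than the request, but backtick-quoting them would also cover reserved-word column names, and `$startfrom`/`$offset` are only safe here if their callers keep them numeric, which is outside this hunk. sqldumptable's body continues outside the hunk.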
@@ -562,7 +571,7 @@ function sqldumptable($table, $startfrom = 0, $currsize = 0) {
 } else {
 while ($currsize + strlen($tabledump) + 500 < $_GET['sizelimit'] * 1000 && $numrows == $offset) {
 if ($firstfield['Extra'] == 'auto_increment') {
- $selectsql = "SELECT * FROM $table WHERE $firstfield[Field] > $startfrom LIMIT $offset";
+ $selectsql = "SELECT * FROM $table WHERE$firstfield['Field']> $startfrom LIMIT $offset";
 } else {
 $selectsql = "SELECT * FROM $table LIMIT $startfrom, $offset";
 }
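Review bot: Same defect as the previous sqldumptable hunk: `WHERE$firstfield['Field']> $startfrom` is a parse error (quoted key without braces inside a double-quoted string) and has dropped the space between `WHERE` and the column name. The line should read `$selectsql = "SELECT * FROM $table WHERE {$firstfield['Field']} > $startfrom LIMIT $offset";`. The old `$firstfield[Field]` form was valid PHP, so if the intent was only to quiet a linter, braces are the correct change rather than quoting the key. sqldumptable's body continues outside the hunk.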