Index: wp-admin/setup-config.php
===================================================================
--- wp-admin/setup-config.php	(revision 15361)
+++ wp-admin/setup-config.php	(working copy)
@@ -157,12 +157,10 @@
 	$passwrd = trim($_POST['pwd']);
 	$dbhost  = trim($_POST['dbhost']);
 	$prefix  = trim($_POST['prefix']);
-	if ( empty($prefix) )
-		$prefix = 'wp_';
 
 	// Validate $prefix: it can only contain letters, numbers and underscores
 	if ( preg_match( '|[^a-z0-9_]|i', $prefix ) )
-		wp_die( /*WP_I18N_BAD_PREFIX*/'<strong>ERROR</strong>: "Table Prefix" can only contain numbers, letters, and underscores.'/*/WP_I18N_BAD_PREFIX*/ );
+		wp_die( /*WP_I18N_BAD_PREFIX*/'<strong>ERROR</strong>: "Table Prefix" can only be blank or contain a combination of numbers, letters, or underscores.'/*/WP_I18N_BAD_PREFIX*/ );
 
 	// Test the db connection.
 	/**#@+
@@ -218,9 +216,11 @@
 				$configFile[$line_num] = str_replace("database_name_here", $dbname, $line);
 				break;
 			case "define('DB_USER'":
+				$uname = addslashes($uname);
 				$configFile[$line_num] = str_replace("'username_here'", "'$uname'", $line);
 				break;
 			case "define('DB_PASSW":
+				$passwrd = addslashes($passwrd);
 				$configFile[$line_num] = str_replace("'password_here'", "'$passwrd'", $line);
 				break;
 			case "define('DB_HOST'":