diff --git a/postgres/lib/common b/postgres/lib/common
index 20947b2..63d57df 100644
--- a/postgres/lib/common
+++ b/postgres/lib/common
@@ -91,7 +91,11 @@ db_install_extensions() {
                 info "Installed postgis extensions on database '$dbname'."
                 ;;
             *)
-                ddb -d "$dbname" < <(echo "CREATE EXTENSION IF NOT EXISTS $1;") || return 1
+                if ! [[ "$1" =~ ^[0-9a-zA-Z_.-]+$ ]]; then
+                    err "Invalid extension name: $1"
+                    return 1
+                fi
+                ddb -d "$dbname" < <(echo "CREATE EXTENSION IF NOT EXISTS \"$1\";") || return 1
                 info "Installed $1 extension on database '$dbname'."
                 ;;
         esac