diff --git a/ext/pdo_mysql/mysql_driver.c b/ext/pdo_mysql/mysql_driver.c
index 4d87d995474..3295b67aa90 100644
--- a/ext/pdo_mysql/mysql_driver.c
+++ b/ext/pdo_mysql/mysql_driver.c
@@ -309,9 +309,7 @@ static zend_string* mysql_handle_quoter(pdo_dbh_t *dbh, const zend_string *unquo
 {
 	pdo_mysql_db_handle *H = (pdo_mysql_db_handle *)dbh->driver_data;
 	bool use_national_character_set = 0;
-	char *quoted;
 	size_t quotedlen;
-	zend_string *quoted_str;
 
 	if (H->assume_national_character_set_strings) {
 		use_national_character_set = 1;
@@ -326,7 +324,9 @@ static zend_string* mysql_handle_quoter(pdo_dbh_t *dbh, const zend_string *unquo
 	PDO_DBG_ENTER("mysql_handle_quoter");
 	PDO_DBG_INF_FMT("dbh=%p", dbh);
 	PDO_DBG_INF_FMT("unquoted=%.*s", (int)ZSTR_LEN(unquoted), ZSTR_VAL(unquoted));
-	quoted = safe_emalloc(2, ZSTR_LEN(unquoted), 3 + (use_national_character_set ? 1 : 0));
+
+	zend_string *quoted_str = zend_string_safe_alloc(2, ZSTR_LEN(unquoted), 3 + (use_national_character_set ? 1 : 0), false);
+	char *quoted = ZSTR_VAL(quoted_str);
 
 	if (use_national_character_set) {
 		quotedlen = mysql_real_escape_string_quote(H->server, quoted + 2, ZSTR_VAL(unquoted), ZSTR_LEN(unquoted), '\'');
@@ -343,8 +343,8 @@ static zend_string* mysql_handle_quoter(pdo_dbh_t *dbh, const zend_string *unquo
 	quoted[++quotedlen] = '\0';
 	PDO_DBG_INF_FMT("quoted=%.*s", (int)quotedlen, quoted);
 
-	quoted_str = zend_string_init(quoted, quotedlen, 0);
-	efree(quoted);
+	quoted_str = zend_string_truncate(quoted_str, quotedlen, false);
+
 	PDO_DBG_RETURN(quoted_str);
 }
 /* }}} */