diff --git a/comment_notify.install b/comment_notify.install
index 75b51b0..78907c0 100644
--- a/comment_notify.install
+++ b/comment_notify.install
@@ -16,12 +16,12 @@ function comment_notify_install() {
   $comments_select->addField('c', 'cid');
   $comments_select->addExpression('0', 'notify');
   // Mix in a random string to all values.
-  $salt = uniqid(mt_rand, TRUE);
+  $salt = uniqid(mt_rand(), TRUE);
   if (db_driver() == 'pgsql') {
-    $comments_select->addExpression("md5('" . $salt . "' || c.mail || coalesce(u.mail, u.init) || c.uid || c.name || c.nid || c.hostname)", 'notify_hash');
+    $comments_select->addExpression("MD5(:salt || c.mail || COALESCE(u.mail, u.init) || c.uid || c.name || c.nid || c.hostname)", 'notify_hash', array(':salt' => $salt));
   }
   else {
-    $comments_select->addExpression("md5(concat('" . $salt . "', c.mail, ifnull(u.mail, u.init), c.uid, c.name, c.nid, c.hostname))", 'notify_hash');
+    $comments_select->addExpression("MD5(CONCAT(:salt, c.mail, COALESCE(u.mail, u.init), c.uid, c.name, c.nid, c.hostname))", 'notify_hash', array(':salt' => $salt));
   }
 
   // Set module weight low so that other modules act on the comment first.