diff --git a/lib/Froxlor/Api/Commands/Mysqls.php b/lib/Froxlor/Api/Commands/Mysqls.php
index ec1d6dfb..5083efd5 100644
--- a/lib/Froxlor/Api/Commands/Mysqls.php
+++ b/lib/Froxlor/Api/Commands/Mysqls.php
@@ -61,7 +61,9 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 		$password = \Froxlor\Validate\Validate::validate($password, 'password', '', '', array(), true);
 		$password = \Froxlor\System\Crypt::validatePassword($password, true);
 		$databasedescription = \Froxlor\Validate\Validate::validate(trim($databasedescription), 'description', '', '', array(), true);
-		$databasename = \Froxlor\Validate\Validate::validate(trim($databasename), 'database_name', '/^[A-Za-z0-9][A-Za-z0-9\-_]+$/i', '', array(), true);
+		if (!empty($databasename)) {
+			$databasename = \Froxlor\Validate\Validate::validate(trim($databasename), 'database_name', '/^[A-Za-z0-9][A-Za-z0-9\-_]+$/i', '', array(), true);
+		}
 
 		// validate whether the dbserver exists
 		$dbserver = \Froxlor\Validate\Validate::validate($dbserver, html_entity_decode($this->lng['mysql']['mysql_server']), '', '', 0, true);
diff --git a/lib/Froxlor/Api/Commands/SubDomains.php b/lib/Froxlor/Api/Commands/SubDomains.php
index 97b583a8..e5503f9d 100644
--- a/lib/Froxlor/Api/Commands/SubDomains.php
+++ b/lib/Froxlor/Api/Commands/SubDomains.php
@@ -262,6 +262,16 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 				$phpsid_result['phpsettingid'] = intval($phpsettingid);
 			}
 
+			$allowed_phpconfigs = $this->getUserDetail('allowed_phpconfigs');
+			if (! empty($allowed_phpconfigs)) {
+				$allowed_phpconfigs = json_decode($allowed_phpconfigs, true);
+			} else {
+				$allowed_phpconfigs = [];
+			}
+			if (! in_array($phpsid_result['phpsettingid'], $allowed_phpconfigs)) {
+				\Froxlor\UI\Response::dynamic_error('Trying to use php-config which is not assigned to customer');
+			}
+
 			// actually insert domain
 			$stmt = Database::prepare("
 				INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
@@ -638,6 +648,16 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 			$this->logger()->logAction($this->isAdmin() ? \Froxlor\FroxlorLogger::ADM_ACTION : \Froxlor\FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] automatically deleted mail-table entries for '" . $idna_convert->decode($result['domain']) . "'");
 		}
 
+		$allowed_phpconfigs = $customer['allowed_phpconfigs'];
+		if (! empty($allowed_phpconfigs)) {
+			$allowed_phpconfigs = json_decode($allowed_phpconfigs, true);
+		} else {
+			$allowed_phpconfigs = [];
+		}
+		if (! in_array($phpsettingid, $allowed_phpconfigs)) {
+			\Froxlor\UI\Response::dynamic_error('Trying to use php-config which is not assigned to customer');
+		}
+
 		// handle redirect
 		if ($_doredirect) {
 			\Froxlor\Domain\Domain::updateRedirectOfDomain($id, $redirectcode);