index 86a5943..1492ce0 100644
--- a/PC/_msi.c
+++ b/PC/_msi.c
@@ -955,6 +955,17 @@ static PyTypeObject msidb_Type = {
         0,                      /*tp_is_gc*/
 };

+#define Py_NOT_PERSIST(flag)                        \
+    (persist != (int)(flag) &&                      \
+    persist != ((int)(flag) | MSIDBOPEN_PATCHFILE))
+
+#define Py_INVALID_PERSIST()                \
+    (Py_NOT_PERSIST(MSIDBOPEN_READONLY) &&  \
+    Py_NOT_PERSIST(MSIDBOPEN_TRANSACT) &&   \
+    Py_NOT_PERSIST(MSIDBOPEN_DIRECT) &&     \
+    Py_NOT_PERSIST(MSIDBOPEN_CREATE) &&     \
+    Py_NOT_PERSIST(MSIDBOPEN_CREATEDIRECT))
+
 static PyObject* msiopendb(PyObject *obj, PyObject *args)
 {
     int status;
@@ -965,6 +976,11 @@ static PyObject* msiopendb(PyObject *obj, PyObject *args)

     if (!PyArg_ParseTuple(args, "si:MSIOpenDatabase", &path, &persist))
         return NULL;
+    /* We need to validate that persist is a valid MSIDBOPEN_* value. Otherwise,
+       MsiOpenDatabase may treat the value as a pointer, leading to unexpected
+       behavior. */
+    else if (Py_INVALID_PERSIST())
+        return msierror(ERROR_INVALID_PARAMETER);

         status = MsiOpenDatabase(path, (LPCSTR)persist, &h);
     if (status != ERROR_SUCCESS)