The database-driven cognitive radio network (CRN) is regarded as a promising way for a better utilization of spectrum resources without introducing the interference to primary users (PUs). However, there are some critical security and privacy issues in database-driven CRNs, which have been rarely discussed before. First of all, in order to retrieve the spectrum available information (SAI) of one's vicinity, an SU's query will inevitably disclose its location information. Second, malicious SUs may query SAI for other locations so as to infer operational patterns of PUs and other SUs. In addition, they can reconstruct the entire SAI of the database and sell it for profit. Therefore, in this paper we aim to guarantee both location privacy of SUs and information security of the database during spectrum query in database-driven CRNs. We first leverage private information retrieval (PIR) techniques to allow the database to find out the SAI regarding a querying SU's location, without learning the query information, i.e., this SU's location. To prevent malicious SUs inferring SAI of other locations, SUs are required to provide location proofs indicating that they are at the places where they claim to be. Theoretical analysis is provided showing that our scheme is privacy-preserving and secure. Experiments are also conducted to evaluate the its efficiency.