--- mod_auth_mysql.c	2009-08-01 06:35:04.000000000 -0400
+++ mod_auth_mysql.c.oden	2009-08-01 06:35:23.000000000 -0400
@@ -453,7 +453,6 @@ static int
 open_db_handle(request_rec *r, mysql_auth_config_rec *m)
 {
   static MYSQL mysql_conn;
-  char query[MAX_STRING_LEN];
   short host_match = FALSE;
   short user_match = FALSE;
 
@@ -546,11 +545,13 @@ open_db_handle(request_rec *r, mysql_aut
     strcpy (connection.db, m->mysqlDB);
   }
   if (m->mysqlCharacterSet) {	/* If a character set was specified */
-    SNPRINTF(query, sizeof(query)-1, "SET CHARACTER SET %s", m->mysqlCharacterSet);
-    if (mysql_query(connection.handle, query) != 0) {
-      LOG_ERROR_2(APLOG_ERR, 0, r, "MySQL ERROR: %s: %s", mysql_error(connection.handle), r->uri);
-      return FALSE;
-    }
+    
+      if (mysql_set_character_set(connection.handle, m->mysqlCharacterSet) != 0) {
+          LOG_ERROR_2(APLOG_ERR, 0, r, "MySQL ERROR setting character set: %s: %s", 
+                      mysql_error(connection.handle), r->uri);
+          return FALSE;
+      }
+
   }
 
   return TRUE;
@@ -1047,7 +1048,7 @@ static char * get_mysql_pw(request_rec *
 
   ulen = strlen(user);
   sql_safe_user = PCALLOC(r->pool, ulen*2+1);
-  mysql_escape_string(sql_safe_user,user,ulen);
+  mysql_real_escape_string(connection.handle, sql_safe_user,user,ulen);
 
   if (salt_column) {	/* If a salt was requested */
     if (m->mysqlUserCondition) {
@@ -1124,7 +1125,7 @@ static char ** get_mysql_groups(request_
 
   ulen = strlen(user);
   sql_safe_user = PCALLOC(r->pool, ulen*2+1);
-  mysql_escape_string(sql_safe_user,user,ulen);
+  mysql_real_escape_string(connection.handle, sql_safe_user,user,ulen);
 
   if (m->mysqlGroupUserNameField == NULL)
     m->mysqlGroupUserNameField = m->mysqlNameField;