--- mod_auth_mysql.c 2009-08-01 06:35:04.000000000 -0400 +++ mod_auth_mysql.c.oden 2009-08-01 06:35:23.000000000 -0400 @@ -453,7 +453,6 @@ static int open_db_handle(request_rec *r, mysql_auth_config_rec *m) { static MYSQL mysql_conn; - char query[MAX_STRING_LEN]; short host_match = FALSE; short user_match = FALSE; @@ -546,11 +545,13 @@ open_db_handle(request_rec *r, mysql_aut strcpy (connection.db, m->mysqlDB); } if (m->mysqlCharacterSet) { /* If a character set was specified */ - SNPRINTF(query, sizeof(query)-1, "SET CHARACTER SET %s", m->mysqlCharacterSet); - if (mysql_query(connection.handle, query) != 0) { - LOG_ERROR_2(APLOG_ERR, 0, r, "MySQL ERROR: %s: %s", mysql_error(connection.handle), r->uri); - return FALSE; - } + + if (mysql_set_character_set(connection.handle, m->mysqlCharacterSet) != 0) { + LOG_ERROR_2(APLOG_ERR, 0, r, "MySQL ERROR setting character set: %s: %s", + mysql_error(connection.handle), r->uri); + return FALSE; + } + } return TRUE; @@ -1047,7 +1048,7 @@ static char * get_mysql_pw(request_rec * ulen = strlen(user); sql_safe_user = PCALLOC(r->pool, ulen*2+1); - mysql_escape_string(sql_safe_user,user,ulen); + mysql_real_escape_string(connection.handle, sql_safe_user,user,ulen); if (salt_column) { /* If a salt was requested */ if (m->mysqlUserCondition) { @@ -1124,7 +1125,7 @@ static char ** get_mysql_groups(request_ ulen = strlen(user); sql_safe_user = PCALLOC(r->pool, ulen*2+1); - mysql_escape_string(sql_safe_user,user,ulen); + mysql_real_escape_string(connection.handle, sql_safe_user,user,ulen); if (m->mysqlGroupUserNameField == NULL) m->mysqlGroupUserNameField = m->mysqlNameField;