diff -urNad mod-auth-mysql~/mod_auth_mysql.c mod-auth-mysql/mod_auth_mysql.c
--- mod-auth-mysql~/mod_auth_mysql.c	2009-01-07 21:47:20.000000000 +0100
+++ mod-auth-mysql/mod_auth_mysql.c	2009-01-08 21:12:47.000000000 +0100
@@ -340,6 +340,8 @@ typedef struct {
 
 module auth_mysql_module;
 
+static int open_auth_dblink(request_rec *r, mysql_auth_config_rec *sec);
+
 #ifdef APACHE2
 static apr_status_t
 #else
@@ -506,9 +508,9 @@ static const char *set_scrambled_passwor
  * server when passed in as part of a query.
  */
 #ifdef APACHE2
-static char *mysql_escape(char *str, apr_pool_t *p)
+static char *mysql_escape(mysql_auth_config_rec *sec, request_rec *r, char *str, apr_pool_t *p)
 #else
-static char *mysql_escape(char *str, pool *p)
+static char *mysql_escape(mysql_auth_config_rec *sec, request_rec *r, char *str, pool *p)
 #endif
 {
 	char *dest;
@@ -522,7 +524,7 @@ static char *mysql_escape(char *str, poo
 		return str;
 	}
 	
-	mysql_escape_string(dest, str, strlen(str));
+	mysql_real_escape_string(sec->dbh, dest, str, strlen(str));
 	
 	return dest;
 }
@@ -1374,25 +1376,18 @@ static int open_auth_dblink(request_rec 
 	}
 
 	if (sec->db_charset) {
+		const char *check;
+
 		APACHELOG(APLOG_DEBUG, r,
 			"Setting character set to %s", sec->db_charset);
 
-		query = (char *) PSTRCAT(r->pool, "SET CHARACTER SET ", sec->db_charset, NULL);
-		if (!query) {
-			APACHELOG(APLOG_ERR, r,
-				"Failed to create query string - we're no good...");
-			return -1;
-		}
+		mysql_set_character_set(sec->dbh, sec->db_charset);
 
-		if (mysql_query(sec->dbh, query)) {
-			if (sec->dbh)
-			{
-				APACHELOG(APLOG_ERR, r,
-					"Query call failed: %s (%i)", mysql_error(sec->dbh),
-					mysql_errno(sec->dbh));
-			}
+		check = mysql_character_set_name(sec->dbh);
 
-			APACHELOG(APLOG_DEBUG, r, "Failed query was: [%s]", query);
+		if (!check || strcmp(sec->db_charset, check)) {
+			APACHELOG(APLOG_ERR, r,
+				"Failed to set character set to %s", sec->db_charset);
 			return -1;
 		}
 	}
@@ -1537,11 +1532,27 @@ static int mysql_check_user_password(req
 	char *auth_table = "mysql_auth", *auth_user_field = "username",
 		*auth_password_field = "passwd", *auth_password_clause = "";
 	char *query;
-	char *esc_user = mysql_escape(user, r->pool);
+	char *esc_user = NULL;
 	MYSQL_RES *result;
 	MYSQL_ROW sql_row;
+	int error = CR_UNKNOWN_ERROR;
 	int rv;
 		
+	if (!sec->dbh) {
+		APACHELOG(APLOG_DEBUG, r,
+			"No DB connection open - firing one up");
+		if ((error = open_auth_dblink(r, sec))) {
+			APACHELOG(APLOG_DEBUG, r,
+				"open_auth_dblink returned %i", error);
+			return error;
+		}
+
+		APACHELOG(APLOG_DEBUG, r,
+			"Correctly opened a new DB connection");
+	}
+
+	esc_user = mysql_escape(sec, r, user, r->pool);
+
 	if (sec->user_table) {
 		auth_table = sec->user_table;
 	}
@@ -1627,8 +1638,8 @@ static int mysql_check_group(request_rec
 {
 	char *auth_table = "mysql_auth", *auth_group_field="groups", *auth_group_clause="";
 	char *query;
-	char *esc_user = mysql_escape(user, r->pool);
-	char *esc_group = mysql_escape(group, r->pool);
+	char *esc_user = mysql_escape(sec, r, user, r->pool);
+	char *esc_group = mysql_escape(sec, r, group, r->pool);
 	MYSQL_RES *result;
 	MYSQL_ROW row;
 	char *auth_user_field = "username";