Greg from Serberus.net has written in today to let us know about a new MySQL patch that's been released which fixes some of the issues PHPers were seeing with the database, including problems with the mysql_real_escape_string function.
MySQL have finally released a patched version of MySQL 5 which addresses the potential SQL injection issue with mysql_real_escape_string() and changing character set - see here.
They also describe a workaround for users who can't upgrade to the latest release.
He also mentiones that this was as issue that Ilia Alshanetsky has blogged about this very issue back in January.
