modified MySQL and MySQLi drivers to address a potential SQL injection attack vector when multi-byte character set connections are employed. (Does not impact Latin-1, UTF-8, etc. encodings)
diff --git a/application/config/database.php b/application/config/database.php
index 24d611a..fa541a7 100644
--- a/application/config/database.php
+++ b/application/config/database.php
@@ -26,6 +26,12 @@
| ['cachedir'] The path to the folder where cache files should be stored
| ['char_set'] The character set used in communicating with the database
| ['dbcollat'] The character collation used in communicating with the database
+| NOTE: For MySQL and MySQLi databases, this setting is only used
+| as a backup if your server is running PHP < 5.2.3 or MySQL < 5.0.7.
+| There is an incompatibility in PHP with mysql_real_escape_string() which
+| can make your site vulnerable to SQL injection if you are using a
+| multi-byte character set and are running versions lower than these.
+| Sites using Latin-1 or UTF-8 database character set and collation are unaffected.
| ['swap_pre'] A default table prefix that should be swapped with the dbprefix
| ['autoinit'] Whether or not to automatically initialize the database.
| ['stricton'] TRUE/FALSE - forces 'Strict Mode' connections