diff --git a/reference/mysql/functions/mysql-real-escape-string.xml b/reference/mysql/functions/mysql-real-escape-string.xml
index d3270c13f5..308d4764cd 100644
--- a/reference/mysql/functions/mysql-real-escape-string.xml
+++ b/reference/mysql/functions/mysql-real-escape-string.xml
@@ -40,6 +40,20 @@
This function must always (with few exceptions) be used to make data
safe before sending a query to MySQL.
+
+
+ Security: the default character set
+
+ Always set your character set at the server level, or with mysql_set_charset.
+
+
+ mysql_real_escape_string will take into account the character set
+ if it is set by either the MySQL Server (e.g., via its default-character-set directive)
+ or from mysql_set_charset. But, it will not use the character set that is set with
+ an SQL query, like as a SET CHARACTER SET ... or SET NAMES ... query
+ with mysql_query.
+
+
@@ -159,6 +173,7 @@ SELECT * FROM users WHERE user='aidan' AND password='' OR ''=''
&reftitle.seealso;
+ mysql_set_charset
mysql_client_encoding
addslashes
stripslashes
diff --git a/reference/mysqli/mysqli/character-set-name.xml b/reference/mysqli/mysqli/character-set-name.xml
index 86f923e672..947071779f 100644
--- a/reference/mysqli/mysqli/character-set-name.xml
+++ b/reference/mysqli/mysqli/character-set-name.xml
@@ -98,6 +98,7 @@ Current character set is latin1_swedish_ci
&reftitle.seealso;
+ mysqli_set_charset
mysqli_client_encoding
mysqli_real_escape_string
diff --git a/reference/mysqli/mysqli/real-escape-string.xml b/reference/mysqli/mysqli/real-escape-string.xml
index 3c4b231199..3c5f229d4e 100644
--- a/reference/mysqli/mysqli/real-escape-string.xml
+++ b/reference/mysqli/mysqli/real-escape-string.xml
@@ -29,6 +29,19 @@
SQL statement. The given string is encoded to an escaped SQL string,
taking into account the current character set of the connection.
+
+ Security: the default character set
+
+ Always set your character set at the server level, or with mysqli_set_charset.
+
+
+ mysqli_real_escape_string will take into account the character set
+ if it is set by either the MySQL Server (e.g., via its default-character-set directive)
+ or from mysqli_set_charset. But, it will not use the character set that is set with
+ an SQL query, like as a SET CHARACTER SET ... or SET NAMES ... query
+ with mysqli_query.
+
+
@@ -155,6 +168,7 @@ Error: 42000
&reftitle.seealso;
+ mysqli_set_charset
mysqli_character_set_name