Bug #6711 mysql_real_escape_string performs no quoting on ucs2
Submitted: 19 Nov 2004 1:16
Modified: 7 May 2005 9:22
Reporter: [ name withheld ]
Status: Won't fix
Category: MySQL Server
Severity: S3 (Non-critical)
Version: 4.1.7
OS: N/A
Assigned to:
CPU Architecture: Any

[19 Nov 2004 1:16] [ name withheld ]
Description:
While perusing the source code for MySQL, I discovered that mysql_real_escape_string is implemented so that it skips multibyte characters in the process of escaping the string. This means that if the character set is ucs2, no escaping will ever take place, as all characters are multibyte.

How to repeat:
Read the source code.

Suggested fix:
mysql_real_escape_string will need to actually understand multibyte characters, since the characters needing escaping may indeed be multibyte characters, and the escape character itself may be multibyte.
[29 Mar 2005 18:31] MySQL Verification Team
Are you referring to the below piece of code?

ulong escape_string_for_mysql(CHARSET_INFO *charset_info, char *to,
                              const char *from, ulong length)
{
  <cut>

  {
#ifdef USE_MB
    int l;
    if (use_mb_flag && (l= my_ismbchar(charset_info, from, end)))
    {
      while (l--)
        *to++= *from++;
      from--;
      continue;
    }
    /*
     If the next character appears to begin a multi-byte character, we
     escape that first byte of that apparent multi-byte character. (The
     character just looks like a multi-byte character -- if it were actually
     a multi-byte character, it would have been passed through in the test
     above.)

     Without this check, we can create a problem by converting an invalid
     multi-byte character into a valid one. For example, 0xbf27 is not
     a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
    */
    if (use_mb_flag && (l= my_mbcharlen(charset_info, *from)) > 1)
    {
      *to++= '\\';
      *to++= *from;
      continue;
    }
[1 Apr 2005 7:04] [ name withheld ]
Yes, that code is the code which I think can cause issues.
[1 May 2005 23:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
[7 May 2005 9:22] Hartmut Holzgraefe
This is not a problem as UCS2 is not supported as a client character set anyway.
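
The order of checks in the excerpt quoted above, as an added C example; it is not MySQL's code and was not posted by anyone in this thread. The toy_charset struct, both charset models (a GBK-like byte-range model and an assumed fixed 2-byte model standing in for ucs2) and the reduced special-character set are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for my_ismbchar()/my_mbcharlen(); not MySQL's API. */
typedef struct {
    int (*ismbchar)(const unsigned char *p, const unsigned char *end);
    int (*mbcharlen)(unsigned char c);
} toy_charset;

/* GBK-like model: lead 0x81-0xfe, trail 0x40-0xfe except 0x7f. */
static int gbk_lead(unsigned char c)  { return c >= 0x81 && c <= 0xfe; }
static int gbk_trail(unsigned char c) { return c >= 0x40 && c <= 0xfe && c != 0x7f; }
static int gbk_ismbchar(const unsigned char *p, const unsigned char *end)
{ return (end - p >= 2 && gbk_lead(p[0]) && gbk_trail(p[1])) ? 2 : 0; }
static int gbk_mbcharlen(unsigned char c) { return gbk_lead(c) ? 2 : 1; }

/* Fixed-width model (assumed, ucs2-like): every 2-byte unit is multi-byte. */
static int fixed2_ismbchar(const unsigned char *p, const unsigned char *end)
{ return (end - p >= 2) ? 2 : 0; }
static int fixed2_mbcharlen(unsigned char c) { (void)c; return 2; }

const toy_charset TOY_GBK    = { gbk_ismbchar, gbk_mbcharlen };
const toy_charset TOY_FIXED2 = { fixed2_ismbchar, fixed2_mbcharlen };

/* Same check order as the excerpt; only ' " \ are special here; `to` holds 2*len bytes. */
size_t toy_escape(const toy_charset *cs, unsigned char *to,
                  const unsigned char *from, size_t len)
{
    const unsigned char *end = from + len;
    unsigned char *start = to;
    while (from < end) {
        int l = cs->ismbchar(from, end);
        if (l) {                      /* valid multi-byte: copied untouched */
            memcpy(to, from, (size_t)l);
            to += l; from += l;
            continue;
        }
        if (cs->mbcharlen(*from) > 1 || *from == '\'' || *from == '"' || *from == '\\')
            *to++ = '\\';             /* apparent lead byte or special byte */
        *to++ = *from++;
    }
    return (size_t)(to - start);
}

int main(void) {
    const unsigned char in[] = { 0xbf, 0x27 };  /* constructed input */
    unsigned char out[2 * sizeof in];
    size_t n = toy_escape(&TOY_GBK, out, in, sizeof in);
    for (size_t i = 0; i < n; i++) printf("%02x%c", out[i], i + 1 < n ? ' ' : '\n');
}
```

With TOY_GBK, the constructed input 0xbf 0x27 comes out as 5c bf 5c 27, so the quote stays escaped instead of being left bare after a newly formed 0xbf5c character. With TOY_FIXED2, the pair 0x00 0x27 is copied through unchanged, which is the behaviour the report describes.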