diff -Naur mod_log_sql-1.101-rs1/mod_log_sql.c mod_log_sql-1.101-rs2/mod_log_sql.c
--- mod_log_sql-1.101-rs1/mod_log_sql.c	2008-02-19 22:01:40.000000000 +0100
+++ mod_log_sql-1.101-rs2/mod_log_sql.c	2008-02-19 00:10:37.000000000 +0100
@@ -855,7 +855,7 @@
 	const char *thehost;
 	const char *theitem;
 	char *fields = "", *values = "";
-	char *itemsets = "";
+	char *itemsets = NULL;
 	char *note_query = NULL;
 	char *hin_query = NULL;
 	char *hout_query = NULL;
@@ -938,8 +938,7 @@
 		if (!formatted_item) {
 			/* RS: no space allocated for formatted_item before */
 			/* so use apr_palloc and form an empty string */
-			formatted_item=apr_palloc(r->pool,1);
-			formatted_item[0]=0;
+			formatted_item=apr_pstrcat(r->pool,"",NULL);
 		} else if (formatted_item[0] == '-' && formatted_item[1] == '\0' && !item->string_contents) {
 			/* If apache tried to log a '-' character for a numeric field, convert that to a zero
 			 * because the database expects a numeral and will reject the '-' character. */
@@ -962,8 +961,7 @@
 
 		i = 0;
 		/* RS: alloc an empty string (aka '\0') for itemsets */
-		itemsets=apr_palloc(r->pool,1);
-		itemsets[0]=0;
+		itemsets=apr_pstrcat(r->pool,"",NULL);
 
 		for_each_apr_array_header(cls->notes_list) {
 			/* If the specified note (*ptrptr) exists for the current request... */
@@ -996,8 +994,7 @@
 
 		i = 0;
 		/* RS: alloc an empty string (aka '\0') for itemsets */
-		itemsets=apr_palloc(r->pool,1);
-		itemsets[0]=0;
+		itemsets=apr_pstrcat(r->pool,"",NULL);
 
 		for_each_apr_array_header(cls->hout_list) {
 
@@ -1033,8 +1030,7 @@
 
 		i = 0;
 		/* RS: alloc an empty string (aka '\0') for itemsets */
-		itemsets=apr_palloc(r->pool,1);
-		itemsets[0]=0;
+		itemsets=apr_pstrcat(r->pool,"",NULL);
 
 		for_each_apr_array_header(cls->hin_list) {
 			/* If the specified header (*ptrptr) exists for the current request... */
@@ -1068,9 +1064,7 @@
 
 		i = 0;
 		/* RS: alloc an empty string (aka '\0') for itemsets */
-		itemsets=apr_palloc(r->pool,1);
-		itemsets[0]=0;
-
+		itemsets=apr_pstrcat(r->pool,"",NULL);
 		for_each_apr_array_header(cls->cookie_list) {
 			/* If the specified cookie (*ptrptr) exists for the current request... */
 			if (strncmp((theitem = extract_specific_cookie(r, *ptrptr)), "-", 1) ) {
diff -Naur mod_log_sql-1.101-rs1/mod_log_sql_mysql.c mod_log_sql-1.101-rs2/mod_log_sql_mysql.c
--- mod_log_sql-1.101-rs1/mod_log_sql_mysql.c	2008-02-19 22:01:40.000000000 +0100
+++ mod_log_sql-1.101-rs2/mod_log_sql_mysql.c	2008-02-18 22:00:25.000000000 +0100
@@ -91,25 +91,30 @@
 	/* Pre-allocate a new string that could hold twice the original, which would only
 	 * happen if the whole original string was 'dangerous' characters.
 	 */
-	char *to_str = (char *) apr_palloc(p, length * 2 + 3);
+	char *to_str = (char *) apr_palloc(p, length * 2 + 1);
 	if (!to_str) {
 		return from_str;
 	}
-        strcpy(to_str, "'");
+
+	/* RS: first get the escaped string, then put all together with apr_pstrcat */
+
 	if (!db->connected) {
 		/* Well, I would have liked to use the current database charset.  mysql is
 		 * unavailable, however, so I fall back to the slightly less respectful
 		 * mysql_escape_string() function that uses the default charset.
 		 */
-		retval = mysql_escape_string(to_str+1, from_str, length);
+		retval = mysql_escape_string(to_str, from_str, length);
 	} else {
 		/* MySQL is available, so I'll go ahead and respect the current charset when
 		 * I perform the escape.
 		 */
-		retval = mysql_real_escape_string((MYSQL *)db->handle, to_str+1, from_str, length);
+		retval = mysql_real_escape_string((MYSQL *)db->handle, to_str, from_str, length);
 	}
-        strcat(to_str,"'");
-	return (retval) ? to_str : from_str;
+
+	if(!retval) {
+		return from_str;
+	}
+	return apr_pstrcat(p,"'",to_str,"'",NULL);
 }
 
 #if defined(WIN32)
@@ -163,16 +168,17 @@
 }
 
 /* Create table table_name of type table_type. */
+
+/* RS: make sure that every byte is bound to the r->pool */
+/* switch from seperated query-parts to append-mode */
+
 static logsql_table_ret log_sql_mysql_create(request_rec *r, logsql_dbconnection *db,
 						logsql_tabletype table_type, const char *table_name)
 {
 	int retval;
 	const char *tabletype = apr_table_get(db->parms,"tabletype");
 	SIGNAL_VAR
-	char *type_suffix = NULL;
 
-	char *create_prefix = "create table if not exists `";
-	char *create_suffix = NULL;
 	char *create_sql = NULL;
 
 	MYSQL *dblink = (MYSQL *)db->handle;
@@ -188,50 +194,35 @@
 		instead of = 
 		*/
 
-		create_suffix = apr_pstrcat(r->pool, 
-	"` (id char(19),\
-       agent varchar(255),\
-       bytes_sent int unsigned,\
-       child_pid smallint unsigned,\
-       cookie varchar(255),\
-       machine_id varchar(25),\
-       request_file varchar(255),\
-       referer varchar(255),\
-       remote_host varchar(50),\
-       remote_logname varchar(50),\
-       remote_user varchar(50),\
-       request_duration smallint unsigned,\
-       request_line varchar(255),\
-       request_method varchar(10),\
-       request_protocol varchar(10),\
-       request_time char(28),\
-       request_uri varchar(255),\
-       request_args varchar(255),\
-       server_port smallint unsigned,\
-       ssl_cipher varchar(25),\
-       ssl_keysize smallint unsigned,\
-       ssl_maxkeysize smallint unsigned,\
-       status smallint unsigned,\
-       time_stamp int unsigned,\
-       virtual_host varchar(255),\
-       bytes_in int unsigned,\
-       bytes_out int unsigned)", NULL);
+		create_sql = apr_pstrcat(r->pool,
+			"create table if not exists `", 
+			table_name, 
+			"` (id char(19), agent varchar(255), bytes_sent int unsigned,\
+			child_pid smallint unsigned, cookie varchar(255), machine_id varchar(25),\
+			request_file varchar(255), referer varchar(255), remote_host varchar(50),\
+			remote_logname varchar(50), remote_user varchar(50), request_duration smallint unsigned,\
+			request_line varchar(255), request_method varchar(10), request_protocol varchar(10),\
+			request_time char(28), request_uri varchar(255), request_args varchar(255),\
+			server_port smallint unsigned, ssl_cipher varchar(25), ssl_keysize smallint unsigned,\
+			ssl_maxkeysize smallint unsigned, status smallint unsigned, time_stamp int unsigned,\
+			virtual_host varchar(255), bytes_in int unsigned, bytes_out int unsigned)", 
+			NULL);
 		break;
 	case LOGSQL_TABLE_COOKIES:
 	case LOGSQL_TABLE_HEADERSIN:
 	case LOGSQL_TABLE_HEADERSOUT:
 	case LOGSQL_TABLE_NOTES:
-		create_suffix = apr_pstrcat(r->pool,"` (id char(19), item varchar(80), val varchar(80))", NULL);
+		create_sql = apr_pstrcat(r->pool,
+			"create table if not exists `", 
+			table_name, 
+			"` (id char(19), item varchar(80), val varchar(80))", 
+			NULL);
 		break;
 	}
 
 	if (tabletype) {
-		type_suffix = apr_pstrcat(r->pool, " TYPE=",
-							tabletype, NULL);
+		create_sql = apr_pstrcat(r->pool, create_sql, " TYPE=", tabletype, NULL);
 	}
-	/* Find memory long enough to hold the whole CREATE string + \0 */
-	create_sql = apr_pstrcat(r->pool, create_prefix, table_name, create_suffix,
-						type_suffix, NULL);
 
 	log_error(APLOG_MARK,APLOG_DEBUG,0, r->server,"create string: %s", create_sql);
 
