mysqli_real_escape_string() PHP error inserting a file into a database

Question

Im trying to insert a file into a table but im getting the following error with the code bellow:

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given

here is my php code:

<?php


if(isset($_FILES['uploaded_file'])) {
    // Make sure the file was sent without errors
    if($_FILES['uploaded_file']['error'] == 0) {

        $sql_connection = mysql_connect("localhost", "teste", "localhost"); 
        mysql_select_db("skande5_form", $sql_connection);

        $nameFile = mysqli_real_escape_string($_FILES['uploaded_file']['name']);
        $mime = mysqli_real_escape_string($_FILES['uploaded_file']['type']);
        $size = mysqli_real_escape_string($_FILES['uploaded_file']['size']);
        $data = mysqli_real_escape_string(file_get_contents($_FILES  ['uploaded_file']['tmp_name']));

does anyone know how to solve this problem?

1. Note the error message. 2. Go to http://php.net/mysqli_real_escape_string and see what the other parameter should be. — Quentin, May 20 '13 at 16:44
Don't mix `mysql_connect` and `mysqli_real_escape_string`! They are from **different** libraries. — Quentin, May 20 '13 at 16:44
@Oliveira — Pick either mysql_* or mysqli_* (hint: Don't use the obsolete, deprecated, rubbish mysql_*) or PDO and consult the manuals for them. — Quentin, May 20 '13 at 16:48

score 2 · Accepted Answer · edited Jun 20 '20 at 09:12

2

This is because your are mixing both mysql_* and mysqli_ function, correct syntax for mysql is mysql_real_escape_string

mysql_select_db and mysql_connect --> mysql

mysqli_real_escape_string --> mysqli

I would kindly suggest to use mysqli and use prepared statment to avaiod any risk of mysql injection have a look here How can I prevent SQL injection in PHP?.

edited Jun 20 '20 at 09:12

Community

1
1

answered May 20 '13 at 16:44

Fabio

23,183
12
55
64

mysqli_real_escape_string() PHP error inserting a file into a database

1 Answers1