-3

I m trying to use mysql_real_escape_string in my code.It works fine with the localhost. whereas it shows error in on other server. how can I find solution for this.Can anybody give me solution whats wrong with my code

<?php
$username = "abcdb";
$password = "Abc@2014";
$hostname = "abcdb.db.9135182.hostedresource.com"; 
$db = "abcdb";
 $dbhandle = mysql_connect($hostname, $username, $password) or die("Unable to connect to MySQL");
mysql_select_db($db,$dbhandle) or die('cannot select db');
//connection to the database
$name="";
$email="";
$batch="";
$mobile="";

    if (isset($_POST['submit'])) {
    $error = "";


    if (!empty($_POST['name'])) {
   $name = mysql_real_escape_string($_POST['name']);
    } else {
    $error .= "You didn't type in your name. <br />";
    }

    if (!empty($_POST['email'])) {
    $email =mysql_real_escape_string($_POST['email']);
      if (!preg_match("/^[_a-z0-9]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email)){ 
      $error .= "The e-mail address you entered is not valid. <br/>";
      }
    } else {
    $error .= "You didn't type in an e-mail address. <br />";
    }
if (!empty($_POST['batch'])) {
     $batch =mysql_real_escape_string($_POST['batch']);

if (!preg_match('/^[0-9]{4}$/', $batch))  { 
      $error .= "Enter a valid batch. <br/>";
      }
    }
    else {
    $error .= "You didn't type batch. <br />";
    }
     if(($_POST['code']) == $_SESSION['code']) { 
    $code = $_POST['code'];
    } else { 
    $error .= "The captcha code you entered does not match. Please try again. <br />";    
    }



    if (!empty($_POST['mobile'])) {
     $mobile =mysql_real_escape_string($_POST['mobile']);

    if (!preg_match('/^[0-9]{10}$/', $mobile)) { 
      $error .= "Enter a valid Mobile number. <br/>";
      }

    }else {
    $error .= "You didn't type your Mobile Number. <br />";
    }
user3363305
  • 9
  • 3
  • 2
    Which error is? Does your server accept deprecated mysql_* commands or maybe has installed mysqli_* or PDO commands? – Marco Mura Nov 26 '14 at 08:26
  • Please post the error! mysql library is deprecated, make sure your server still support it, or you can use **mysqli/PDO** – Luca D'Alberti Nov 26 '14 at 08:28
  • I get error Warning: mysql_real_escape_string() expects parameter 1 to be string, resource given in C:\wamp\www\test\contact1.php on line 323 – user3363305 Nov 26 '14 at 08:33

1 Answers1

1

Look into using prepared statements (e.g. with mysqli - http://php.net/manual/en/book.mysqli.php). mysql_real_escape_string is deprecated. Your server and localhost mysql version may be different.

See Why shouldn't I use mysql_* functions in PHP?

Also the error message you've just posted gives you a clue. Test the parameter you pass is a string before calling mysql_real_escape_string

See http://php.net/manual/en/function.is-string.php

Community
  • 1
  • 1
QuantumTiger
  • 970
  • 1
  • 10
  • 22