Warning: mysql_real_escape_string() expects parameter 1 to be string, resource given in

Question

Warning: mysql_real_escape_string() expects parameter 1 to be string, resource given in E:\wamp\www\inventory\admin\dashboard\insert_export.php on line 94

i understand the error but how to correct the error, can anyone suggest me with explanation.

<?php 
include 'connection/db_connection.php';    
$row_data = array();
foreach($_POST['productname'] as $row=>$productname) { 
$date=$_POST['datetime'];
$subject=$_POST['subject'];
$productname=mysql_real_escape_string($con,$productname);
$itemcode=mysql_real_escape_string($con,($_POST['itemcode'][$row]));
$quantity=mysql_real_escape_string($con,($_POST['quantity'][$row]));



$row_data[] = "('$date','$productname', '$itemcode', '$quantity','$subject')";
}
if (!empty($row_data))
 {
$sql = 'INSERT INTO admin_export(datetime, product_name, item_code,quantity,subject) VALUES '.implode(',', $row_data);
$result = mysql_query($sql );

if ($result)
echo 'Successful inserts: ' . mysql_affected_rows($con);
else
echo 'query failed' ;
} 


?>

Answer 1

You've got the order the wrong way around. It should be:

$string = mysql_real_escape_string(STRING, $con);

^{Above is pseudo-code}

---

A more serious note.

Please look at using PDO/MySQLi instead of mysql_* functions because the mysql_* library is deprecated and not useful anymore.

Answer 2

The unescaped string comes first. See the docs http://php.net/manual/en/function.mysql-real-escape-string.php

So

$productname=mysql_real_escape_string($con,$productname);

should be:

$productname=mysql_real_escape_string($productname, $con);

Answer 3

$con is not defined here. Please check in your file db_connection.php what is given there