0

this is my connection : 

$db = mysqli_connect('localhost', 'root', '', 'library');


$name = mysql_real_escape_string($_POST['name']);

this a piece of code is giving me such error

Fatal error: Uncaught Error: Call to undefined function mysql_real_escape_string() in C:\xampp\htdocs\Rg\server.php:13 Stack trace: #0 C:\xampp\htdocs\Rg\register.php(1): include() #1 {main} thrown in C:\xampp\htdocs\Rg\server.php on line 13

Nigel Ren
  • 56,122
  • 11
  • 43
  • 55
Akmaljon Usmonov
  • 13
  • 8
  • 2
    You are mixing mysqli and mysql functions. The mysql_* functions have been removed from PHP. You want to use prepared/parameterized queries to protect against sql injection hacks, NOT escaping strings. – JimL Apr 22 '18 at 18:05
  • 2
    Possible duplicate of [Can I mix MySQL APIs in PHP?](https://stackoverflow.com/questions/17498216/can-i-mix-mysql-apis-in-php) – Nigel Ren Apr 22 '18 at 18:05
  • try this $name = mysqli_real_escape_string($_POST['name']); – Klodian Apr 22 '18 at 18:09
  • If you're writing new code, **_please_, for the love of all you hold dear, don't use the `mysql_*` functions!** They are old and broken, were deprecated in PHP 5.5, and completely removed in PHP 7.0 (which is so old it [no longer even receives active support](http://php.net/supported-versions.php)). Use [`PDO`](https://secure.php.net/manual/en/book.pdo.php) or [`mysqli_*`](https://secure.php.net/manual/en/book.mysqli.php) with _prepared statements_ and _parameter binding_ instead. See http://stackoverflow.com/q/12859942/354577 for details. It's _2018_. This isn't funny anymore. – ChrisGPT was on strike Apr 22 '18 at 18:44
  • 1
    Lots of software developers are still learning by reading 10 year old books or code. – Bill Karwin Apr 22 '18 at 22:04

2 Answers2

2

You are mixing two different mysql function as mentioned in the comment section try using either one. mysql function are deprecated you better use mysqli. try below code

$name = mysqli_real_escape_string($db,$_POST['name']);
prasanna puttaswamy
  • 997
  • 2
  • 7
  • 9
0

See i'm receiving the data from the form in POST method. 

<form action="<?php $_SERVER['PHP_SELF']?>" method="POST">
  Name:  <input type="text" name="username" />
  <button type="submit" name="dataSent"> Submit </button>
</form>

    //Database connection. if you are in localhost the password is nothing.
    <?php
        define("HOSTNAME","localhost");
        define("USERNAME","root");
        define("PASSWORD","");
        define("DBNAME","here your database name");

    $conn    mysqli_connect(HOSTNAME,USERNAME,PASSWORD,DBNAME);

    ?>

    //php data receiving

        <?php
            if ( isset($_POST['dataSent']) ) {
              $username = mysqli_real_escape_string($conn, $_POST['username'] );
              echo $username;
           }

        ?>

Now it should be work. mysqli_real_escape_string(para 1, para 2 ) we can not receive data whithout including Databse connection inside mysqli_real_escape_string(); it receives two parameter. 1- is Database connection that not allow html special character to enter in Databse for SQL injection. 2- is receives data from form.

Thank's

Ericgit
  • 6,089
  • 2
  • 42
  • 53