Should I use mysqli_real_escape string() or mysql_real_escape_string() for form data?

Possible Duplicate:
mysql_escape_string VS mysql_real_escape_string

I need to get company_name (given by user through a form) entered into my mysql database. When I use

$company = mysqli_real_escape_string($_POST['company_name'])

I get an error

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in     /opt/lampp/htdocs/Abacus-Version-2/admin/Company/insert_company.php on line 58

But everything seems to fine while using

$company = mysql_real_escape_string($_POST['company_name'])

What can I do in such cases?

Leave a Comment