The mysqli_real_escape_string
is part of the mysqli
module. You are mixing and not using the function properly.
This is how you do it correctly:
mysql_connect("localhost", "root", "");
mysql_select_db("searchengine");
$sql = mysql_query(sprintf(
"SELECT * FROM searchengine WHERE pagecontent LIKE '%s' LIMIT 0,%d",
'%'. mysql_real_escape_string($_GET['term']) .'%',
mysql_real_escape_string($_GET['results']))
);
while($ser = mysql_fetch_array($sql)) {
echo "<h2><a href='$ser[pageurl]'>$ser[pageurl]</a></h2>";
}
// don't forget to close connection
mysql_close();
P.S. mysql_*
is officially deprecated. Please look into using PDO
or MySQLi
library.