The function mysql_real_escape_string
doesn't work if you haven't called mysql_connect
. Better workaround would be creating a MySQL connection on the top, before calling the mysql_real_escape_string
.
mysql_connect("localhost");
$to_raw = mysql_real_escape_string($_POST['to']) ;
echo $to_raw;
Suggestion
It is better to use either PDO
or mysqli_*
functions compared to mysql_*
functions as they are deprecated.