SQL warning: mysql_real_escape_string() expects parameter 1 to be string

I am using following query:

$search = mysql_query("SELECT * FROM `users` WHERE username LIKE '%".mysql_real_escape_string($query)."%' OR name LIKE '%".mysql_real_escape_string($query)."%' ORDER BY timestamp");

where $query is words user search for. I am getting following warning:

Warning: mysql_real_es开发者_开发技巧cape_string() expects parameter 1 to be string

The table has username as varchar. Is this what problem is? Or can anyone please help me if they know what is causing this warning?

$query (the VARIABLE) is no string. That's the simple answer that the error message already told you.

Fix that. Listen to what the error message says. It doesn't speak about the query itself, but the /variable/.

If $query is supplied by user input, you should check to ensure that it has a value:

if(!is_null($query)) {
....
}

Since you don't show much code, it could be that your assignment to $query is failing resulting in $query being NULL. I don't think that error is specific to a string value type, it's only saying there's nothing there!

$query is probably not string (it could be bool or simply integer) You have probably some string BEFORE this line

try to do this before your query

$query = (string) $query

It should work then as it's forced to convert $query to the string