hi,

i am a novice and have recently started practicing some php tutorials. there is this bit of code that involves HTTP authentication which makes sense up until this part:

// connect to database
$dbc = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

// grab the user entered log-in data
$user_username = mysql_real_escape_string($dbc, trim($_SERVER['PHP_AUTH_USER']));
$user_password = mysql_real_escape_string($dbc, trim($_SERVER['PHP_AUTH_PW']));
$data = mysql_query($dbc, $query);

The error reporting indicates that mysql_real_escape_string expects a string as parameter 1. I believe $dbc is currently functioning as an array? Is this acceptable or do I need to change something to get this bit of code to function?

The code came directly from a published PHP + MYSQL book. Let me know if there is any way in which I can add context.

reverse the order. the string you want to escape goes first, then the database connection.

yes you should reverse the order