mysqli_real_escape_string() expects parameter 1 to be mysqli
$con=mysqli_connect("xxx","xxx","xxx","xxx");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// pass $con to mysqli_escape_string() function
$name = mysqli_real_escape_string(trim($_POST["name"]), $con);