[SOLVED] Notice: Array to string conversion

dropfaith · October 9, 2008

      <?php
// includes
include("../template/conf.php");
// open database connection
$connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!");
// select database
mysql_select_db($db) or die ("Unable to select database!");
// generate and execute query
               $Author = mysql_escape_string($_GET['Author']);
               $query = "SELECT * FROM story  WHERE Author = '$Author'";
               $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());

// if records present
if (mysql_num_rows($result) > 0)
{
// iterate through resultset
// print article titles
while($row = mysql_fetch_object($result))
{
?>   
<tr>
   <td style="text-align:left;"><a href="article.php?Id=<?php echo $row->Id; ?>"><?php echo $row->Title; ?> </a></td>
   <td style="text-align:left;"><?php echo $row->Date; ?></td>
    <td style="text-align:left;"><?php echo $row->Genre;?> </td>
</tr>
<?php
}
}
// if no records present
// display message
else
{
?>
<p>No press releases currently available</p>
<?php
}

// close database connection
mysql_close($connection);
?>

DeanWhitehouse · October 9, 2008

why are you doing [] on the end of the url?

The Little Guy · October 9, 2008

Please provide more information, such as what code is doing this, not the entire file.

DarkWater · October 9, 2008

Well, the error is from echoing out an array:

$array = array(1, 2, 3, 4, 5); //array
echo $array; //notice!

dropfaith · October 9, 2008

my bad i meant to edit the post down to the code causeing the issue before posting..

the [] is on the end of the url cause these errors were pointed out to me in a site security thread and the person who did it pointed out the error if that happened..

DeanWhitehouse · October 9, 2008

Well if you removed [] then it should have no errors,

The Little Guy · October 9, 2008

$array = array(1, 2, 3, 4, 5); //array
foreach($array as $arr){
     echo $arr;
}

dropfaith · October 9, 2008

right but say the user for whatever reason adds that is it like a security issue? im not sure what was meant by the error in the security thread.

also

http://lawrenceguide.org/bands/profile.php?Name=Dropfaith%20Tests works fine but if the user does this

http://lawrenceguide.org/bands/profile.php

i get this error

Notice: Undefined index: Name in /home/www/lawrenceguide.org/www/bands/profile.php on line 89

im trying to clear them all up and dont want to open a new thread for what i assume is an easy fix

DeanWhitehouse · October 9, 2008

It means the var is not defined.

And how is it a security issue?

There is nothing different except the error.

dropfaith · October 9, 2008

i know its from the var not being defined i just want to remove these errors and was hoping i could do it without just turning off error reporting cause i try not to ever do that

dropfaith · October 9, 2008

is it possible if the var isnt defined it redirects the user to the index?

DeanWhitehouse · October 9, 2008

Well then you will have to change your code, you will have to rely on people to use there own common sense, and i would just turn off error reporting on that page

error_reporting(0);

or

if(!isset($var))

{

header("Location:page.php");

}

DarkWater · October 9, 2008

Don't turn off error_reporting, that's the lazy way out. Define $Name before you use it. o_O

dropfaith · October 9, 2008

$name is defined from the url normally i never count on user common sense users can be some dumb people.

im new to all this

The Little Guy · October 9, 2008

Don't turn off error_reporting, that's the lazy way out. Define $Name before you use it. o_O

Why not? would you want want to go to goolge, yahoo, phpfreak, etc. and see a bunch of error messages?

You should really have the errors go into an error log.

DeanWhitehouse · October 9, 2008

On a live site, you should turn off errror reporting and/or make your own custom ones.

DarkWater · October 9, 2008

Don't turn off error_reporting, that's the lazy way out. Define $Name before you use it. o_O

Why not? would you want want to go to goolge, yahoo, phpfreak, etc. and see a bunch of error messages?

You should really have the errors go into an error log.

You should only turn off error_reporting after the errors are fixed. If you just have an error log, you wouldn't really know about a Notice or Warning unless you went into the error log constantly.

BillyBoB · October 9, 2008

The reason that is a security issue is Full Path Disclosure. It gives the end user the full path to your server. Which in certain cases can give the end user your username for the cpanel.

dropfaith · October 9, 2008

http://lawrenceguide.org/literature/byauthor.php?Author[] on line 59 it erros theres no arrays in this script at all

$Author = mysql_escape_string($_GET['Author']); is line 59 on the page btw no idea how to remove this Notice still as theres no array (im only doing this on the off chance a user attempts to load this url to get full path disclosure

<?php
// includes
include("../template/conf.php");


// open database connection
$connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!");

// select database
mysql_select_db($db) or die ("Unable to select database!");

// generate and execute query
				$Author = mysql_escape_string($_GET['Author']);
				$query = "SELECT * FROM story  WHERE Author = '$Author'";
				$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());




// if records present
if (mysql_num_rows($result) > 0)
{
// iterate through resultset
// print article titles
while($row = mysql_fetch_object($result))
{
?>	


<tr>
<td style="text-align:left;"><a href="article.php?Id=<?php echo $row->Id; ?>"><?php echo $row->Title; ?> </a></td>
<td style="text-align:left;"><?php echo $row->Date; ?></td>
	<td style="text-align:left;"><?php echo $row->Genre;?> </td>
</tr>



<?php
}
}
// if no records present
// display message
else
{
?>
<p>No press releases currently available</p>
<?php
}

// close database connection
mysql_close($connection);
?>

kenrbnsn · October 9, 2008

You want to put a check in before that line that is something like:

<?php
if (isset($_GET['Author']) && is_array($_GET['Author']))
//
// issue an error message and leave
//
}
?>

Ken

dropfaith · October 10, 2008

	if(!is_array($_GET['Type']))
{
	$Type = mysql_escape_string($_GET['Type']);
	$query = "SELECT * FROM food  WHERE Type = '$Type'";

	$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
}
else
{
//special circumstance
	$query = "SELECT * FROM food";
	$result = mysql_query($query) or die("Error in query: $query. " . mysql_error());
}

Sign In

[SOLVED] Notice: Array to string conversion

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Archived

Important Information