Jump to content

Warning: mysql_real_escape_string() expects parameter 1 to be string


TeddyKiller

Recommended Posts

I recieve this error..

Warning:  mysql_real_escape_string() expects parameter 1 to be string, array given in /home/jeanie/public_html/inc/functions.php on line 10

 

Now I never use to get this error,and suddenly it's only started to appear. So I'm wondering what the problem is, I do have checkboxes in my form, these are in an array. This could be part the problem. Although how do I fix it?

<tr><td height="34">Interested In:</td><td><input type="checkbox" name="men" value="men" /> Men
<input type="checkbox" name="checkbox[]" value="women" /> Women
<input type="checkbox" name="checkbox[]" value="none" /> None
<input type="checkbox" name="checkbox[]" value="other" /> Other</td></tr>

They are the checkboxes, this is where the function to clean strings gets called (In the form validation)

$_POST = clean($_POST,0,0);

And here is the function clean.

function clean($_POST, $a, $b) {
    if($a == '1') : $_POST = array_map('trim', $_POST); endif;    
    
    if(get_magic_quotes_gpc()) : $_POST = array_map('stripslashes', $_POST); endif;
    $_POST = array_map('mysql_real_escape_string', $_POST);
    
    if($b == '1') : $_POST = array_map('ucwords', $_POST); return $_POST; endif;
    if($b == '2') : $_POST = array_map('strtolower', $_POST); return $_POST; endif; 
    if($b == '3') : $_POST = array_map('strtoupper', $_POST); return $_POST; endif;
    
    return $_POST;
}

 

How can I fix the problem? Thanks

Link to comment
Share on other sites

Ok so, whats the best way to do it? I could possibly have them all seperate names, which will work with mysql_real_escape_string()

Then.. what could I do.. to put them back into an array because I have something like this..

$checkbox = implode(', ', $_POST['checkbox']);
$fields[] = "`interested_in` = '". $checkbox . "'";

What happens is.. for each checkbox as checked, to implode it with a comma.

Link to comment
Share on other sites

The best thing to do would be to get rid of that catch all clean function. This is precisely why such functions aren't flexible enough.

 

Either that or loop through the $_POST array (which by the way is global so doesn't need to be passed to your function) instead of using array_map.

Link to comment
Share on other sites

Either that or loop through the $_POST array (which by the way is global so doesn't need to be passed to your function) instead of using array_map.

What do you mean by loop through? I just don't understand how I'd do a loop with the function..

I do want to keep the function there though.. to save repeating mysql_real_escape_string all the time.

Though if it has to be, I can take the mysql_real_escape_string function bit out, and use the function for string formatting, and just insert mysql_real_escape_string without a function to control it.

 

Would mysql_real_escape_string be alright to use with $_POST['checkbox'] even though thats still an array?

Link to comment
Share on other sites

I made this..

function clean($foo, $a, $b, $c) {
foreach($foo as $arr) {
	if($b == '1') : $arr = trim($arr); endif;	

	if(get_magic_quotes_gpc()) : $arr = stripslashes($arr); endif;
	if($a == '1') : $arr = mysql_real_escape_string($arr); endif;

	if($c == '1') { 
		$arr = ucwords($arr); return $arr; 
	}
	elseif($c == '2') {
		$arr = strtolower($arr); return $arr;
	}
	elseif($c == '3') {
		$arr = strtoupper($arr); return $arr; 
	} else {
		return $arr;
	}
}
}

It doesn't come up with that error now, however.. whats wrong with the implode?

$checkbox = implode(', ', clean($_POST['checkbox'],1,0,1));

Warning: implode() [function.implode]: Invalid arguments passed in /home/jeanie/public_html/editprofile.php on line 191

Link to comment
Share on other sites

A few things:

 

1. You should have meaningful variable names.  $foo, $a, $b, and $c are horrible variable names, as they provide no context for what they're supposed to be.

 

2. You don't need to pass $_POST into the function.  It's globally available.

 

3. You should take a look at pdo or mysqli.

 

4. If you still want to stay with vanilla MySQL, try:

 

function clean($data, $a, $b, $c) // again, pick better names
{
   if (is_array($data))
   {
      $foreach($data as $key => $value)
      {
         $data[$key] = clean($value, $a, $b, $c);
      }
   }

   if (get_magic_quotes_gpc()) { $data = stripslashes($data); }
   if ($a == '1') { $data = mysql_real_escape_string($data); }
   if ($b == '1') { $data = trim($data); }

   switch ($c)
   {
      case '1':
         $data = ucwords($data);
         break;

      case '2':
         $data = strtolower($data);
         break;

      case '3':
         $data = strtoupper($data);
         break;
   }

   return $data;
}

foreach($_POST as $key => $value)
{
   $_POST[$key] = clean($value, $arg1, $arg2, $arg3);
}

Link to comment
Share on other sites

Thanks. Although I'm confused with this bit..

      $foreach($data as $key => $value)
      {
         $data[$key] = clean($value, $a, $b, $c);
      }

$data[$key] = clean($value, $a, $b, $c); That's just calling clean() all over again? Confused?

Also, tested it out, and it still does give the error.

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/jeanie/public_html/inc/functions.php on line 17

Link to comment
Share on other sites

Thanks. Although I'm confused with this bit..

      $foreach($data as $key => $value)
      {
         $data[$key] = clean($value, $a, $b, $c);
      }

$data[$key] = clean($value, $a, $b, $c); That's just calling clean() all over again? Confused?

 

Work it out step by step.

 

If the value you pass into clean() is an array,

  then clean() each value in that array.

 

else

  clean the individual value based on the options ($a, $b, $c) given.

 

It's a recursive function.

 

Also, tested it out, and it still does give the error.

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/jeanie/public_html/inc/functions.php on line 17

 

What kinds of values are you passing into it?

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.