TeddyKiller Posted April 15, 2010 Share Posted April 15, 2010 I recieve this error.. Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/jeanie/public_html/inc/functions.php on line 10 Now I never use to get this error,and suddenly it's only started to appear. So I'm wondering what the problem is, I do have checkboxes in my form, these are in an array. This could be part the problem. Although how do I fix it? <tr><td height="34">Interested In:</td><td><input type="checkbox" name="men" value="men" /> Men <input type="checkbox" name="checkbox[]" value="women" /> Women <input type="checkbox" name="checkbox[]" value="none" /> None <input type="checkbox" name="checkbox[]" value="other" /> Other</td></tr> They are the checkboxes, this is where the function to clean strings gets called (In the form validation) $_POST = clean($_POST,0,0); And here is the function clean. function clean($_POST, $a, $b) { if($a == '1') : $_POST = array_map('trim', $_POST); endif; if(get_magic_quotes_gpc()) : $_POST = array_map('stripslashes', $_POST); endif; $_POST = array_map('mysql_real_escape_string', $_POST); if($b == '1') : $_POST = array_map('ucwords', $_POST); return $_POST; endif; if($b == '2') : $_POST = array_map('strtolower', $_POST); return $_POST; endif; if($b == '3') : $_POST = array_map('strtoupper', $_POST); return $_POST; endif; return $_POST; } How can I fix the problem? Thanks Quote Link to comment Share on other sites More sharing options...
trq Posted April 15, 2010 Share Posted April 15, 2010 How can I fix the problem? Don't pass arrays to mysql_real_escape_string(). Quote Link to comment Share on other sites More sharing options...
TeddyKiller Posted April 15, 2010 Author Share Posted April 15, 2010 Ok so, whats the best way to do it? I could possibly have them all seperate names, which will work with mysql_real_escape_string() Then.. what could I do.. to put them back into an array because I have something like this.. $checkbox = implode(', ', $_POST['checkbox']); $fields[] = "`interested_in` = '". $checkbox . "'"; What happens is.. for each checkbox as checked, to implode it with a comma. Quote Link to comment Share on other sites More sharing options...
trq Posted April 15, 2010 Share Posted April 15, 2010 The best thing to do would be to get rid of that catch all clean function. This is precisely why such functions aren't flexible enough. Either that or loop through the $_POST array (which by the way is global so doesn't need to be passed to your function) instead of using array_map. Quote Link to comment Share on other sites More sharing options...
TeddyKiller Posted April 15, 2010 Author Share Posted April 15, 2010 Either that or loop through the $_POST array (which by the way is global so doesn't need to be passed to your function) instead of using array_map. What do you mean by loop through? I just don't understand how I'd do a loop with the function.. I do want to keep the function there though.. to save repeating mysql_real_escape_string all the time. Though if it has to be, I can take the mysql_real_escape_string function bit out, and use the function for string formatting, and just insert mysql_real_escape_string without a function to control it. Would mysql_real_escape_string be alright to use with $_POST['checkbox'] even though thats still an array? Quote Link to comment Share on other sites More sharing options...
TeddyKiller Posted April 15, 2010 Author Share Posted April 15, 2010 I made this.. function clean($foo, $a, $b, $c) { foreach($foo as $arr) { if($b == '1') : $arr = trim($arr); endif; if(get_magic_quotes_gpc()) : $arr = stripslashes($arr); endif; if($a == '1') : $arr = mysql_real_escape_string($arr); endif; if($c == '1') { $arr = ucwords($arr); return $arr; } elseif($c == '2') { $arr = strtolower($arr); return $arr; } elseif($c == '3') { $arr = strtoupper($arr); return $arr; } else { return $arr; } } } It doesn't come up with that error now, however.. whats wrong with the implode? $checkbox = implode(', ', clean($_POST['checkbox'],1,0,1)); Warning: implode() [function.implode]: Invalid arguments passed in /home/jeanie/public_html/editprofile.php on line 191 Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted April 15, 2010 Share Posted April 15, 2010 A few things: 1. You should have meaningful variable names. $foo, $a, $b, and $c are horrible variable names, as they provide no context for what they're supposed to be. 2. You don't need to pass $_POST into the function. It's globally available. 3. You should take a look at pdo or mysqli. 4. If you still want to stay with vanilla MySQL, try: function clean($data, $a, $b, $c) // again, pick better names { if (is_array($data)) { $foreach($data as $key => $value) { $data[$key] = clean($value, $a, $b, $c); } } if (get_magic_quotes_gpc()) { $data = stripslashes($data); } if ($a == '1') { $data = mysql_real_escape_string($data); } if ($b == '1') { $data = trim($data); } switch ($c) { case '1': $data = ucwords($data); break; case '2': $data = strtolower($data); break; case '3': $data = strtoupper($data); break; } return $data; } foreach($_POST as $key => $value) { $_POST[$key] = clean($value, $arg1, $arg2, $arg3); } Quote Link to comment Share on other sites More sharing options...
TeddyKiller Posted April 15, 2010 Author Share Posted April 15, 2010 Thanks. Although I'm confused with this bit.. $foreach($data as $key => $value) { $data[$key] = clean($value, $a, $b, $c); } $data[$key] = clean($value, $a, $b, $c); That's just calling clean() all over again? Confused? Also, tested it out, and it still does give the error. Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/jeanie/public_html/inc/functions.php on line 17 Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted April 15, 2010 Share Posted April 15, 2010 Thanks. Although I'm confused with this bit.. $foreach($data as $key => $value) { $data[$key] = clean($value, $a, $b, $c); } $data[$key] = clean($value, $a, $b, $c); That's just calling clean() all over again? Confused? Work it out step by step. If the value you pass into clean() is an array, then clean() each value in that array. else clean the individual value based on the options ($a, $b, $c) given. It's a recursive function. Also, tested it out, and it still does give the error. Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/jeanie/public_html/inc/functions.php on line 17 What kinds of values are you passing into it? Quote Link to comment Share on other sites More sharing options...
TeddyKiller Posted April 15, 2010 Author Share Posted April 15, 2010 I have 4 checkboxes.. All with the name of checkbox[] So it's an checkbox array. At the moment, I've changed it.. but the checkboxes value aren't being protected or anything. It's not an huge issue but would be nice if it was possible to mysql_real_escape it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.