bravo14 Posted April 10, 2014

Hi Guys

I have a script that I have used before without any issues based on a tutorial. However, when I do Update Cart I get the following error

Array Warning: addslashes() expects parameter 1 to be string, array given in /home/sites/starkeracing.co.uk/public_html/library/config.php on line 5

The form is made up of the following code

```html
<form action="/cart.php?action=update" method="post" name="frmCart" id="frmCart">
 <table width="780" border="0" align="center" cellpadding="5" cellspacing="1" class="entryTable">
  <tr class="entryTableHeader">
   <td colspan="2" align="center">Item</td>
   <td align="center">Unit Price</td>
   <td width="75" align="center">Quantity</td>
   <td align="center">Total</td>
   <td width="75" align="center"> </td>
  </tr>
  <tr class="content">
   <td width="80" align="center"><a href="main.php?c=2&p=1"><img src="img/product/f9bf45f907835051aa131dde0ec00ef8.jpg" border="0"></a></td>
   <td><a href="main.php?c=2&p=1">Soft Shell Jacket</a></td>
   <td align="right">£40.00</td>
   <td width="75"><input name="txtQty[]" type="text" id="txtQty[]" size="5" value="1" class="box" onKeyUp="checkNumber(this);">
    <input name="hidCartId[]" type="hidden" value="15">
    <input name="hidProductId[]" type="hidden" value="1">
   </td>
   <td align="right">£40.00</td>
   <td width="75" align="center">
    <input name="btnDelete" type="button" id="btnDelete" value="Delete" onClick="window.location.href='/cart.php?action=delete&cid=15';" class="box">
   </td>
  </tr>
  <tr class="content">
   <td colspan="4" align="right">Sub-total</td>
   <td align="right">£40.00</td>
   <td width="75" align="center"> </td>
  </tr>
  <tr class="content">
   <td colspan="4" align="right">Shipping </td>
   <td align="right">£5.00</td>
   <td width="75" align="center"> </td>
  </tr>
  <tr class="content">
   <td colspan="4" align="right">Total </td>
   <td align="right">£45.00</td>
   <td width="75" align="center"> </td>
  </tr>
  <tr class="content">
   <td colspan="5" align="right"> </td>
   <td width="75" align="center">
    <input name="btnUpdate" type="submit" id="btnUpdate" value="Update Cart" class="box"></td>
  </tr>
 </table>
</form>
```

The following function is called

```php
if (!get_magic_quotes_gpc()) {
    if (isset($_POST)) {
        foreach ($_POST as $key => $value) {
            echo $value;
            $_POST[$key] = trim(addslashes($value));
        }
    }

    if (isset($_GET)) {
        foreach ($_GET as $key => $value) {
            $_GET[$key] = trim(addslashes($value));
        }
    }
}
```

It appears, as I have echoed the $value from the get_magic_quotes function, that no values are being posted.

The following notice is also displayed

1 Notice: Uninitialized string offset: 0 in /home/sites/starkeracing.co.uk/public_html/library/cart-functions.php on line 133 Notice: Uninitialized string offset: 0 in /home/sites/starkeracing.co.uk/public_html/library/cart-functions.php on line 136

Below is the updateCart function that is generating the error above.

```php
function updateCart()
{
    $cartId    = $_POST['hidCartId'];
    $productId = $_POST['hidProductId'];
    $itemQty   = $_POST['txtQty'];
    $numItem   = count($itemQty);
    $numDeleted = 0;
    $notice     = '';

    for ($i = 0; $i < $numItem; $i++) {
        $newQty = (int)$itemQty[$i];
        if ($newQty < 1) {
            // remove this item from shopping cart
            deleteFromCart($cartId[$i]);
            $numDeleted += 1;
        } else {
            // check current stock
            $sql = "SELECT pd_name, pd_qty
                    FROM tbl_product
                    WHERE pd_id = {$productId[$i]}";
            $result = dbQuery($sql);
            $row    = dbFetchAssoc($result);

            if ($newQty > $row['pd_qty']) {
                // we only have this much in stock
                $newQty = $row['pd_qty'];

                // if the customer put more than
                // we have in stock, give a notice
                if ($row['pd_qty'] > 0) {
                    setError('The quantity you have requested is more than we currently have in stock. The number available is indicated in the "Quantity" box. ');
                } else {
                    // the product is no longer in stock
                    setError('Sorry, but the product you want (' . $row['pd_name'] . ') is no longer in stock');

                    // remove this item from shopping cart
                    deleteFromCart($cartId[$i]);
                    $numDeleted += 1;
                }
            }

            // update product quantity
            $sql = "UPDATE tbl_cart
                    SET ct_qty = $newQty
                    WHERE ct_id = {$cartId[$i]}";

            dbQuery($sql);
        }
    }

    if ($numDeleted == $numItem) {
        // if all item deleted return to the last page that
        // the customer visited before going to shopping cart
        header("Location: $returnUrl" . $_SESSION['shop_return_url']);
    } else {
        header('Location: cart.php');
    }

    exit;
}
```

Jacques1 Posted April 10, 2014

Where on earth did you dig that script out? This “magic quotes” stuff comes from the early days of PHP and was finally removed around 5 years ago. The whole idea of blindly adding slashes to all input is just nonsense.

It's also well-known that addslashes() does not reliably prevent SQL injections, because it fails to take the character encoding into account. That's why back in 2002, the PHP developers added mysql_real_escape_string(). That was 12 years ago! The whole MySQL extension you're using has been obsolete for at least a decade and will be removed in the future.

I strongly suggest that you update your PHP and the code. Software definitely doesn't get better over time.

Nowadays, we use PDO or MySQLi to access databases: http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers

mac_gyver Posted April 11, 2014

your first error is because you have used array names for some of your form fields, so you are submitting arrays of post variables, not just scalar post variables, and that code wasn't designed to handle arrays. whatever code you end up with needs to take into account the structure of the data it is dealing with.

in addition to what has already been mentioned about the code, you should only (properly) escape (or cast numerical values) the data as it is being put into the sql query statement (or use prepared queries) so that the original data can be used as is by the rest of the program.

i didn't look into the second error since the line number mentioned in the error wasn't identified in the posted code, but this error is probably also related to using array names for the form fields. so, the same comment would apply - whatever code you end up with needs to take into account the structure of the data it is dealing with.
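
What the two replies above recommend, as an added example that is not part of the original thread: the array-valued fields (`txtQty[]`, `hidCartId[]`, `hidProductId[]`) are read as lists of integers, and the values reach SQL only through PDO placeholders instead of a blanket addslashes() pass. The helper names `intListField` and `updateCartQuantities`, the two-table layout and the in-memory SQLite database are assumptions made so the script runs offline.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL database; rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_product (pd_id INTEGER PRIMARY KEY, pd_name TEXT, pd_qty INTEGER)');
$pdo->exec('CREATE TABLE tbl_cart (ct_id INTEGER PRIMARY KEY, ct_qty INTEGER)');
$pdo->exec("INSERT INTO tbl_product VALUES (1, 'Soft Shell Jacket', 3)");
$pdo->exec('INSERT INTO tbl_cart VALUES (15, 1)');

// Read an array field such as txtQty[] as a list of ints; null if missing, scalar or non-integer.
function intListField(array $post, string $name): ?array
{
    if (!isset($post[$name]) || !is_array($post[$name])) {
        return null;
    }
    $out = [];
    foreach ($post[$name] as $v) {
        if (!is_string($v) || ($n = filter_var($v, FILTER_VALIDATE_INT)) === false) {
            return null;
        }
        $out[] = $n;
    }
    return $out;
}

function updateCartQuantities(PDO $pdo, array $post): bool
{
    $cartIds = intListField($post, 'hidCartId');
    $prodIds = intListField($post, 'hidProductId');
    $qtys    = intListField($post, 'txtQty');
    if ($cartIds === null || $prodIds === null || $qtys === null
        || count($cartIds) !== count($qtys) || count($prodIds) !== count($qtys)) {
        return false; // malformed request: reject it
    }
    // Placeholders keep the submitted values out of the SQL text.
    $stock  = $pdo->prepare('SELECT pd_qty FROM tbl_product WHERE pd_id = ?');
    $update = $pdo->prepare('UPDATE tbl_cart SET ct_qty = ? WHERE ct_id = ?');
    $delete = $pdo->prepare('DELETE FROM tbl_cart WHERE ct_id = ?');
    foreach ($qtys as $i => $qty) {
        $stock->execute([$prodIds[$i]]);
        $qty = min($qty, (int) $stock->fetchColumn()); // cap at stock; unknown product gives 0
        $qty < 1 ? $delete->execute([$cartIds[$i]]) : $update->execute([$qty, $cartIds[$i]]);
    }
    return true;
}

// Constructed requests: the form's array fields, then scalars where arrays are expected.
var_dump(updateCartQuantities($pdo, ['hidCartId' => ['15'], 'hidProductId' => ['1'], 'txtQty' => ['5']]));
var_dump($pdo->query('SELECT ct_qty FROM tbl_cart WHERE ct_id = 15')->fetchColumn());
var_dump(updateCartQuantities($pdo, ['hidCartId' => '15', 'hidProductId' => '1', 'txtQty' => '5']));
```

Because nothing rewrites `$_POST` globally, the rest of the program still sees the submitted data unmodified, as the last reply asks.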