0

I am finding the following error: "Warning: htmlspecialchars() expects parameter 1 to be string, array given..."

This happens in the following piece of code and only when I added input fields to the form whose name was an array (so I could repeat the input multiple times). The line the error refers to is ($v=htmlspecialchars($value);)

if ($len > 2) {
    $values=array();
    $possible=array('orderId','source','date', 'clientPrice','firstName','lastName','email','address','city','zip');
    $i=1;
    $query2 = "UPDATE orders SET ";
    foreach ($_POST as $key => $value) {
        $k=htmlspecialchars($key);
        $v=htmlspecialchars($value);
        if(in_array($k, $possible)) {
            $query2 .= $k." = ?";
            $values[]=$v;  //append values to an array for later use
            if($i < ($len-2)) $query2 .= ', ';
            $i++;
        }
    }
}

Any idea of how to solve this and the reason for the error?

Improve this question
2
  • 1
    The error tells you exactly what is wrong. What do you need us to do? Commented Sep 16, 2013 at 19:53
  • Your $_POST array probably has values in it you don't realize exist. Or they have blank values. Commented Sep 16, 2013 at 19:54

3 Answers 3

Reset to default
1

You answered your own question in the first paragraph. You passed an array as values, therefore $value is going to be an array of the various inputs you assigned an array name to.

foreach($_POST as $key => $value)
{
    if ( ! is_array($value))
    {
        // Manage values that aren't arrays
    }
}

Iterating over $_POST isn't really a good practice. You would be better assigning the actual names of the fields to their own variables or creating your own array with the exact data you need.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

How could I just skip the posting if it is an array? I would like the array value not to be added into here...
do not hamper with all _POST variables. Take what you need and leave others alone :)
0

Do not deal with all _POST values. Check only what you require. Try this code for a different approach, more correct.

foreach ($possible as $_possib) {
    if (!isset($_POST[$_possib])) continue;
    $query1 .= $_possib." = ?";
    $values[] = htmlspecialchars($_POST[$_possib]); // should be mysql_real_escape?
    if($i < ($len-2)) $query2 .= ', ';
    $i++;
}

By the way, please think about htmlspecialchars, since it is only for correct displaying in html form. It seems that you will submit these values to a database, so use relevant escape function.

Improve this answer

Comments

0

as the error states, at least one of your $_POST values appear to be an array.

try wrapping your htmlspecialchars() call within array_walk_recursive. i've also added an if(is_array()) check so as to only apply it when needed.

if(is_array($value)) array_walk_recursive(htmlspecialchars($value));

alternatively, you may want to var_dump($_POST) to see which input fields are appearing as an array, and maybe tweak your form accordingly if this is undesirable behavior.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.