Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New Coder
    Join Date
    Jan 2010
    Posts
    24
    Thanks
    0
    Thanked 0 Times in 0 Posts

    htmlspecialchars() expects parameter 1 to be string, array given in

    Hi Guys.. Please can you assist.. please dont just give code or fix it... please reply with an answer to why. Im relatively new to this array coding things.. so would love to learn as I go along..

    I have a contact form with checkboxes...
    Code:
    <input name="booktype[]" type="checkbox"  id="book_you_love" value="Saffari">
    This submits to a php script... AND IT ALL WORKED FINE WITHOUT ERRORS.
    BUt I have added
    Code:
    $_POST = array_map('strip_tags', $_POST);
    $_POST = array_map('htmlentities', $_POST);
    To clean the code...

    So the script now looks like this

    Code:
    <?
    session_start();
    
    if ($_SERVER["REQUEST_METHOD"] <> "POST")
    	die("You can only reach this page by posting from the html form");
    
    if ($_POST["captcha_input"] == $_SESSION["pass"])
    {
    	// *** They passed the test! ***
     include ("thank_you.php");
     
    $_POST = array_map('strip_tags', $_POST);
    $_POST = array_map('htmlentities', $_POST);
     
    //sends email via php to the following address
    $mailuser = "mozz@mozz.com";
    
    $name = $_POST[name];
    $email = $_POST[email];
    
    $checklist1 = implode(', ',$_POST['booktype']);
    
    $boundary = "nextPart";
    
    $headers  = "MIME-Version: 1.0\r\n";
    $headers .= "From: ".$name." <".$email.">"."\r\n";
    $headers .= "Content-Type: multipart/alternative; boundary = $boundary\r\n";
    
    //text version
    $headers .= "--$boundary\n
    Content-Type: text/plain; charset=ISO_8859-1\r\n
    Content-Transfer_Encoding: 7bit\r\n\r\n";
    
    //html version
    $headers .= "\n--$boundary\n";
    $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
    
    $mail_body .= "<html><body>";
    
    	$mail_body = '
    	Your Name              	    : '. $_POST[name].'<br>
    	Mobile Number       	    : '. $_POST[mobile] . '<br>
    
            Book type                       :'.$checklist1.'<br>
        
      	';
    
    	$mail_body .= "</body></html>";
    
    	mail ($mailuser, 'Books I love. Mozz request', $mail_body, $headers);
    
    
    } else {
    	// *** They failed the test! ***
        include ("wrong_code.php");
    	}
    ?>
    So once the form submits. I get an error like this.
    Code:
    Warning: htmlspecialchars() expects parameter 1 to be string, array given in check.php on line ......
    
    Warning: implode() [function.implode]: Invalid arguments passed in check.php on line....
    So since I have added the
    Code:
    $_POST = array_map('strip_tags', $_POST);
    $_POST = array_map('htmlentities', $_POST);
    I have these errors.. can somebody explain why and what would be the better process for this.. ???

    thank you

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    htmlentities isn't recursive. If you apply it using an array_map to an array such as $_GET or $_POST, than when it hits a value that isn't scalar such as these booktype[] checkboxes, it simply chokes and issues a warning. It then returns null since it doesn't know what else to do with it.
    The implode is deficient only because of the htmlspecialchars. You should still use proper isset checking to make sure its there first, but on the plus side at least you have the check for a posted form.

    So to fix this, simply write a method for htmlentities that's recursive. It's job is only to see if the input is an array, and if so, recurse each item in the array and save the results back. Return the results at the end. Map that to the array_map, and that should work.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •