mysql_real_escape_string error

borrarensson

This is the error
Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in F:\wamp\www\sidan\lr\core\functions\general.php on line 3

BUT i dont see anything wrong🙁

<?php
function sanitize($data) {
	return mysql_real_escape_string($data);
}

function output_errors($errors) {
	return '<ul><li>' . implode('</li><li>', $errors) . '</li></ul>';
}
?>

laserlight

Well, you need to show us the code in which you use sanitize. Most likely you are passing it an array.

By the way, you should be using the MySQLi or PDO extensions instead of this old MySQL extension for new code.

borrarensson

<?php 
include 'core/init.php';
include '/includes/overall/header.php'; 

if (empty($_POST) === false) {
	$required_fields = array('username', 'password', 'password_again', 'first_name', 'email');
	foreach($_POST as $key=>$value) {
		if (empty($value) && in_array($key, $required_fields) === true) {
			$errors[] = 'Fält som är markerade med * måste fyllas';
			break 1;
		}
	}

if (empty($errors) === true) {
	if (user_exists($_POST['username']) === true) {
		$errors[] = 'Användarnamnet \'' . $_POST['username'] . '\' används redan  ';
	}
	if (preg_match("/\\s/", $_POST['username']) == true) {
		$errors[] = 'Användarnamnet får inte innehålla mellanslag!';
	}
	if (strlen($_POST['password']) < 6){
		$errors[] = 'Ditt lösenord är för kort!';
	}
	if ($_POST['password'] !== $_POST['password_again']) {
		$errors[] = 'Lösenorden matchar inte!';
	}
	if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
		$error[] = 'Skriv in en riktigt email';
	}
	if (email_exists($_POST) === true) {
		$errors[] = 'Email adressen \'' . $_POST['email'] . '\' används redan  ';
	}
}
}

?>
<h1>Registrera</h1>

<?php
if (empty($_POST) === false && empty($errors) === true) {
	$register_data = array(
		'username' 		=> $_POST['username'],
		'password' 		=> $_POST['password'],
		'first_name'	=> $_POST['first_name'],
		'last_name' 	=> $_POST['last_name'],
		'email' 		=> $_POST['email'],
	);
	register_user($register_data);
	// redirect
	//exit
} else if (empty($errors) === false) {
	echo output_errors($errors);
}
?>

<form action="" method="post">
	<ul>
		<li>
			Användarnamn*:<br>
			<input type="text" name="username">
		</li>
		<li>
			Lösenord*:<br>
			<input type="password" name="password">
		</li>
		<li>
			Skriv Lösenord igen*:<br>
			<input type="password" name="password_again">
		</li>
		<li>
			Förnamn*:<br>
			<input type="text" name="first_name">
		</li>
		<li>
			Efternamn:<br>
			<input type="text" name="last_name">
		</li>
		<li>
			Email adress*:<br>
			<input type="text" name="email">
		</li>
		<li>
			<input type="submit" value="Registrera"
		</li>
	</ul>
</form>


<?php include 'includes/overall/footer.php'; ?>

laserlight

You don't appear to have called the sanitize function in that code.

borrarensson

i dont get what you are meaning. the sanitize function is in the first post

laserlight

borrarensson wrote:
i dont get what you are meaning. the sanitize function is in the first post

You defined the sanitize function in that code snippet, but the error message has to do with the place where you called that function.

borrarensson

<?php
function register_user() {
	array_walk($register_data 'array_sanitize');
	$register_data['password'] = md5($register_data['password']);

$fields = '';
$data = '';
}

function user_count(){
	return mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `active` = 1"), 0);
}

function user_data($user_id) {
	$data = array();
	$user_id = (int)$user_id;

$func_num_args = func_num_args();
$func_get_args = func_get_args();

if ($func_num_args > 1) {
 unset($func_get_args[0]);

	$fields = '`' . implode('`, `', $func_get_args) . '`';
	$data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM `users` WHERE `user_id` = $user_id"));


	return $data;
}
}

function logged_in() {
	return (isset($_SESSION['user_id'])) ? true : false;
}

function user_exists($username){
	$username = sanitize($username);
	return(mysql_result($query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'"), 0) == 1) ? true : false;
}

function email_exists($email){
	$email = sanitize($email);
	return(mysql_result($query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email'"), 0) == 1) ? true : false;
}

function user_active($username){
	$username = sanitize($username);
	return(mysql_result($query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `active` = 1"), 0) == 1) ? true : false;
}

function user_id_from_username($username){
	$username = sanitize($username);
	return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username'"), 0, 'user_id');
}

function login($username, $password){
	$user_id = user_id_from_username($username);

$username = sanitize($username);
$password = md5($password);

return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'"), 0) == 1) ? $user_id : false;
}
?>

Bonesnap

Can you post the first 10 lines from general.php?

borrarensson

i can but im badass so i post the whole

<?php
function logged_in_redirect() {
		if (logged_in() === true) {
			header('Location: index.php');
			exit();
		}
}

function protect_page() {
		if (logged_in() === false) {
			header('Location: protected.php');
			exit();
		}
}

function array_sanitize(&$item){
	$item = mysql_real_escape_string($item);
}

function sanitize($data) {
	return mysql_real_escape_string($data);
}

function output_errors($errors) {
	return '<ul><li>' . implode('</li><li>', $errors) . '</li></ul>';
}
?>

Derokorian

function array_sanitize(&$item){ 
    $item = mysql_real_escape_string($item); 
}

The problem is here, based on the name and when you call it this function expects to be passed an array, but then you are passing the same array to mysql_real_escape_string() just like the error says. You probably want to loop (maybe with [man]foreach[/man]) the array and pass each entry through mysql_real_escape_string()