Hello and welcome to our community! Is this your first visit?
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New Coder
    Join Date
    Jan 2010
    Thanked 0 Times in 0 Posts

    htmlspecialchars() expects parameter 1 to be string, array given in

    Hi Guys.. Please can you assist.. please dont just give code or fix it... please reply with an answer to why. Im relatively new to this array coding things.. so would love to learn as I go along..

    I have a contact form with checkboxes...
    <input name="booktype[]" type="checkbox"  id="book_you_love" value="Saffari">
    This submits to a php script... AND IT ALL WORKED FINE WITHOUT ERRORS.
    BUt I have added
    $_POST = array_map('strip_tags', $_POST);
    $_POST = array_map('htmlentities', $_POST);
    To clean the code...

    So the script now looks like this

    	die("You can only reach this page by posting from the html form");
    if ($_POST["captcha_input"] == $_SESSION["pass"])
    	// *** They passed the test! ***
     include ("thank_you.php");
    $_POST = array_map('strip_tags', $_POST);
    $_POST = array_map('htmlentities', $_POST);
    //sends email via php to the following address
    $mailuser = "mozz@mozz.com";
    $name = $_POST[name];
    $email = $_POST[email];
    $checklist1 = implode(', ',$_POST['booktype']);
    $boundary = "nextPart";
    $headers  = "MIME-Version: 1.0\r\n";
    $headers .= "From: ".$name." <".$email.">"."\r\n";
    $headers .= "Content-Type: multipart/alternative; boundary = $boundary\r\n";
    //text version
    $headers .= "--$boundary\n
    Content-Type: text/plain; charset=ISO_8859-1\r\n
    Content-Transfer_Encoding: 7bit\r\n\r\n";
    //html version
    $headers .= "\n--$boundary\n";
    $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
    $mail_body .= "<html><body>";
    	$mail_body = '
    	Your Name              	    : '. $_POST[name].'<br>
    	Mobile Number       	    : '. $_POST[mobile] . '<br>
            Book type                       :'.$checklist1.'<br>
    	$mail_body .= "</body></html>";
    	mail ($mailuser, 'Books I love. Mozz request', $mail_body, $headers);
    } else {
    	// *** They failed the test! ***
        include ("wrong_code.php");
    So once the form submits. I get an error like this.
    Warning: htmlspecialchars() expects parameter 1 to be string, array given in check.php on line ......
    Warning: implode() [function.implode]: Invalid arguments passed in check.php on line....
    So since I have added the
    $_POST = array_map('strip_tags', $_POST);
    $_POST = array_map('htmlentities', $_POST);
    I have these errors.. can somebody explain why and what would be the better process for this.. ???

    thank you

  2. #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Saskatoon, Saskatchewan
    Thanked 2,668 Times in 2,637 Posts
    htmlentities isn't recursive. If you apply it using an array_map to an array such as $_GET or $_POST, than when it hits a value that isn't scalar such as these booktype[] checkboxes, it simply chokes and issues a warning. It then returns null since it doesn't know what else to do with it.
    The implode is deficient only because of the htmlspecialchars. You should still use proper isset checking to make sure its there first, but on the plus side at least you have the check for a posted form.

    So to fix this, simply write a method for htmlentities that's recursive. It's job is only to see if the input is an array, and if so, recurse each item in the array and save the results back. Return the results at the end. Map that to the array_map, and that should work.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts