I am finding the following error: "Warning: htmlspecialchars() expects parameter 1 to be string, array given..."
This happens in the following piece of code and only when I added input fields to the form whose name was an array (so I could repeat the input multiple times). The line the error refers to is ($v=htmlspecialchars($value);)
if ($len > 2) {
$values=array();
$possible=array('orderId','source','date', 'clientPrice','firstName','lastName','email','address','city','zip');
$i=1;
$query2 = "UPDATE orders SET ";
foreach ($_POST as $key => $value) {
$k=htmlspecialchars($key);
$v=htmlspecialchars($value);
if(in_array($k, $possible)) {
$query2 .= $k." = ?";
$values[]=$v; //append values to an array for later use
if($i < ($len-2)) $query2 .= ', ';
$i++;
}
}
}
Any idea of how to solve this and the reason for the error?
You answered your own question in the first paragraph. You passed an array as values, therefore $value is going to be an array of the various inputs you assigned an array name to.
foreach($_POST as $key => $value)
{
if ( ! is_array($value))
{
// Manage values that aren't arrays
}
}
Iterating over $_POST isn't really a good practice. You would be better assigning the actual names of the fields to their own variables or creating your own array with the exact data you need.
Do not deal with all _POST values. Check only what you require. Try this code for a different approach, more correct.
foreach ($possible as $_possib) {
if (!isset($_POST[$_possib])) continue;
$query1 .= $_possib." = ?";
$values[] = htmlspecialchars($_POST[$_possib]); // should be mysql_real_escape?
if($i < ($len-2)) $query2 .= ', ';
$i++;
}
By the way, please think about htmlspecialchars, since it is only for correct displaying in html form. It seems that you will submit these values to a database, so use relevant escape function.
as the error states, at least one of your $_POST values appear to be an array.
try wrapping your htmlspecialchars() call within array_walk_recursive. i've also added an if(is_array()) check so as to only apply it when needed.
if(is_array($value)) array_walk_recursive(htmlspecialchars($value));
alternatively, you may want to var_dump($_POST) to see which input fields are appearing as an array, and maybe tweak your form accordingly if this is undesirable behavior.