
I have a form to inject data into a database. When the user clicks the submit button, this error shows up in an <input type=text> field. I have been looking around for a solution for hours, but I do not know how to fix this.


Warning: htmlentities() expects parameter 1 to be string, array given in C:rr\xampp\htdocs\ecommerce\helpers\helpers.php on line 11

helpers.php

<?php
function display_errors($errors){
    $display = ' <ul class="bg-danger">';
    foreach($errors as $error){
        $display .='<li class="text-danger">'.$error. '</li> ';
    }
    $display .='</ul>';
    return $display;
}
function sanitize ($dirty){
    return htmlentities($dirty, ENT_QUOTES, "UTF-8");
}

function money($number){
    return '$ '.number_format($number,2);

}

form.php

<form action="products.php?add=1" method="POST" enctype="multipart/form-data">

    <div class='container_12'>
    <div class="form-group col-md-3">
        <label for="prod_name">Product Name*:</label>
        <input type="text" name="prod_name" id="prod_name" class="form-control" value="<?=((isset($_POST['prod_name']))?sanitize($_POST):' ');?>">

    </div>
    <div class="form-group col-md-3">
        <label for="parent">Parent Category*:</label>
        <select class="form-control" id="parent" name="parent"> 
            <option value=""<?=((isset($_POST['parent']) && $_POST['parent'] == '')?' selected':'');?>></option> 
                <?php while($parent = mysqli_fetch_assoc($parentQuery)): ?> 
            <option value=" <?=$parent['id'];?>"<?=((isset($_POST['parent']) && $_POST['parent'] == $parent['id'])?' selected':'');?>><?=$parent['category_name'];?></option> 
                <?php endwhile; ?> 
        </select>
    </div>
    <div class='form-group col-md-3'>
        <label for='child'>Second Category*:</label>
        <select id='child' name='child' class='form-control'></select>
    </div>
    </div>

    <div class='container_12'>

        <div class='form-group col-md-3'>
                <label for='list_price'>List Price(OPTIONAL): </label>
                <input type="text" id="list_price" name="list_price" class="form-control" value="<?=((isset($_POST['list_price']))?sanitize($_POST['list_price']):'');?>">
        </div>

         <div class="form-group col-md-3">
        <label for="price">Price*:</label> 
        <input type="text" id="price" name="price" class="form-control" value="<?=((isset($_POST['price']))?sanitize($_POST['price']):'');?>"> 
    </div>

     <div class='form-group col-md-3'>
                <label for='prod_width'>Width* (in inches):</label>
                <input type="text" id="prod_width" name="prod_width" class="form-control" value="<?=((isset($_POST['prod_width']))?sanitize($_POST['prod_width']):'');?>">
        </div>

     <div class='form-group col-md-3'>
                <label for='prod_depth'>Height*(in inches):</label>
                <input type="text" id="prod_depth" name="prod_depth" class="form-control" value="<?=((isset($_POST['prod_depth']))?sanitize($_POST['prod_depth']):'');?>">
        </div>
    </div>

    <div class='container_12'>
     <div class='form-group col-md-3'>
                <label for='prod_height'>Depth*(in inches):</label>
                <input type="text" id="prod_height" name="prod_height" class="form-control" value="<?=((isset($_POST['prod_height']))?sanitize($_POST['prod_height']):'');?>">
        </div>

    <div class='form-group col-md-3'>
                <label for='prod_material'>Construction Material:</label>
                <input type="text" id="prod_material" name="prod_material" class="form-control" value="<?=((isset($_POST['prod_material']))?sanitize($_POST['prod_material']):'');?>">

    </div>

    <div class='form-group col-md-6'>
        <label>Quantity * :</label>
          <input type="text" id="quantity" name="quantity" class="form-control" value="<?=((isset($_POST['quantity']))?sanitize($_POST['quantity']):'');?>">

    </div>
    </div>

    <div class='container_12'>
        <div class="form-group col-md-3"> <label for="image_1">Product Photo #1:</label> 
        <input type="file" name="image_1" id="image_1" class="form-control"> 
    </div>
          <div class="form-group col-md-3"> <label for="image_2">Product Photo #2:</label> 
        <input type="file" name="image_2" id="image_2" class="form-control"> 
    </div>
          <div class="form-group col-md-3"> <label for="image_3">Product Photo #3:</label> 
        <input type="file" name="image_3" id="image_3" class="form-control"> 
    </div>
          <div class="form-group col-md-3"> <label for="image_4">Product Photo#4:</label> 
        <input type="file" name="image_4" id="image_4" class="form-control"> 
    </div>

    </div>



    <div class='container_12'>
    <div class="form-group col-md-6">
        <label for="description">Description:</label>
        <textarea id="description" name="description" class="form-control" rows="6"><?=((isset($_POST['description']))?sanitize($_POST['description']):'');?></textarea> 
    </div>



      <div class="form-group col-md-6">
        <label for="care_instructions">Care Instructions*:</label>
        <textarea id="care_instructions" name="care_instructions" class="form-control" rows="6"><?=((isset($_POST['care_instructions']))?sanitize($_POST['care_instructions']):'');?></textarea> 
      </div></div>

    <div class='container_12'>
        <div class="form-group pull-right">
    <input type='submit' value='Add Product' class='form-control btn-success pull-right'>
        </div></div>
                       </form>

  • Could you share the complete form and the PHP code where you take the inputs? Commented Nov 19, 2016 at 23:29
  • You are passing $_POST (which is an array) instead of $_POST['prod_name'] to the function sanitize(). I think it's just a typo :) Commented Nov 20, 2016 at 0:02

1 Answer

You are passing the whole $_POST variable to serialize in the product name input (that's why the error says 'array given').

Check this line:

<input type="text" name="prod_name" id="prod_name" class="form-control" value="<?=((isset($_POST['prod_name']))?sanitize($_POST):' ');?>">

And change it to this:

<input type="text" name="prod_name" id="prod_name" class="form-control" value="<?=((isset($_POST['prod_name']))?sanitize($_POST['prod_name']):' ');?>">
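
An added example, not part of the question or the answer above: even with the typo fixed, a request can still deliver an array for a field (PHP parses a field named `price[]` into an array), which brings back the same warning, or a TypeError on PHP 8. This variant of the page's `sanitize()` rejects non-string input; `old_input()` and the `$post` sample data are hypothetical names constructed for the illustration.

```php
<?php
declare(strict_types=1);

// Escape one value for output in HTML text or a quoted attribute.
// Anything that is not a string or number (e.g. an array) yields ''
// instead of reaching htmlentities() and raising a warning/TypeError.
function sanitize($dirty): string
{
    if (is_int($dirty) || is_float($dirty)) {
        $dirty = (string) $dirty;
    }
    if (!is_string($dirty)) {
        return '';
    }
    return htmlentities($dirty, ENT_QUOTES, 'UTF-8');
}

// Hypothetical helper: read a single field from a request array and
// return it escaped, so templates never pass the whole array by mistake.
function old_input(array $post, string $key, string $default = ''): string
{
    return array_key_exists($key, $post) ? sanitize($post[$key]) : $default;
}

// Constructed sample data standing in for $_POST.
$post = [
    'prod_name' => 'Oak "Classic" <table>',
    'price'     => ['19.99'], // arrives as an array when sent as price[]
];

echo old_input($post, 'prod_name'), PHP_EOL;      // quotes and angle brackets escaped
echo '[', old_input($post, 'price'), ']', PHP_EOL;    // array input is dropped
echo '[', old_input($post, 'quantity'), ']', PHP_EOL; // missing key falls back to default
```

In the form, each field would then read `value="<?= old_input($_POST, 'prod_name') ?>"`, which also replaces the repeated `isset()` ternaries.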