• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
mysql_real_escape_string() expects parameter 1 to be string, array given

#1
Code:
 foreach($q->result_array() as $row) {        
       $descs[] = mysql_real_escape_string($row);   //  Message: mysql_real_escape_string() expects parameter 1 to be string, array given
How can I apply the function to just the value or how can I make the value a string? I used to know how to do this, but have forgotten.

If I attempt to fix the problem with the quotes inside the view instead I get this error:
Message: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user....
Reply

#2
Keep in mind the every element of the result_array() is an array itself. Usually it contains the fields you requested from your database.
I guess that one of your fields is named 'description'.
If that is the case, modify the foreach loop like this:
PHP Code:
foreach($q->result_array() as $row) {        
    $descs
[] = mysql_real_escape_string($row['description']);

I question if you really need the mysql_real_escape_string with CodeIgniter. I never use it, and I never encountered problems with strings that have quotes or special characters.
Reply

#3
(04-23-2016, 12:56 AM)Wouter60 Wrote: Keep in mind the every element of the result_array() is an array itself. Usually it contains the fields you requested from your database.
I guess that one of your fields is named 'description'.
If that is the case, modify the foreach loop like this:
PHP Code:
foreach($q->result_array() as $row) {        
    $descs
[] = mysql_real_escape_string($row['description']);

I question if you really need the mysql_real_escape_string with CodeIgniter. I never use it, and I never encountered problems with strings that have quotes or special characters.

That's correct but it seems OP is looping through a query result. The mysql_real_escape_string() function is only for data being inserted into the database, so is not needed here.

At least that's how I do it - otherwise I've been doing it wrong all this time!
Reply

#4
mysql_real_escape_string — Escapes special characters in a string for use in an SQL statement.

If your using CI it escapes the query for you.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply

#5
I ended up using a str_replace to get those quotes escaped before making a javascript array out of the data. Wasn't really using it to insert data going into a table... that's where the data is coming from.
Reply

#6
@cupboy

1. You are trying to apply a function to a column in the returned array. What this function is going to do, what the goal is?

2. mysql_real_escape_string() is a function for escaping value when you prepare a SQL statement. You apply it on the returned result. Why?

3. mysql_real_escape_string() belongs to a certain SQL driver that is deprecated and as far as I know removed in PHP7.

4. mysql_real_escape_string() probably does not match to the current database driver that CodeIgniter uses. If you need such an escaping, see in documentation what routines the Database class provides.

Remove this code, explain exactly what you intend to do.
Reply

#7
1. The goal is to put the results into a javascript array that requires the same type of escaping as an SQL statement
3. Fixed that to be mysqli instead.

I've fixed all this and the code is fine now.
Reply

#8
No, you haven't.
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.