Hi guys im making a cms site and very close to finishing it
but i get this one warning which is

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in C:\wamp\www\cms\_class\cms_class.php on line 117

i dont know how to solve it!

It happens when I try to update one of my posts, Can anyone share any light on this and show me were am actully going wrong please.

i have many php files but am just gona show there ones below that might have some affect on this error and it be pointless of me to show more php code thats got nothing to do with it


these are my code.

cms_class.php this cms_class is stored in _class folder

<?php 
//--------------------------------------------------------------------------------------
class modernCMS {

var $host;
var $username;
var $password;
var $database;

// connection info
function connect(){
$connection = mysql_connect($this->host, $this->username, $this->password) or die(mysql_error());
     mysql_select_db($this->database, $connection) or die(mysql_error());
}
//--------------------------------------------------------------------------------------

//--------------------------------------------------------------------------------------

// to get the content from my database 
function get_content($id = ""){

if ($id != ""):
	
	$id = mysql_real_escape_string($id);
	$sql = "SELECT * FROM posts WHERE id = '$id'";
	$return = '<p><a href="index.php"> Go Back To Content Page</a></p>';
	
	else:
	$sql = "SELECT * FROM posts ORDER BY id DESC";
	
	endif;

$res = mysql_query($sql) or die(mysql_error());

// if uses try to go on a id that doesnt exist message

if(mysql_num_rows($res) !=0):

while($row = mysql_fetch_assoc($res)){
   echo '<h1><a href="index.php?id=' . $row['id'] . '">' . $row['title'] . '</a></h1>';
   
   echo '<p>' . $row['body'] . '</p>';
   }
else:
			echo '<p> UH OOH! THERE IS NO SUCH PAGE IT DOES\'T EXIST </p>';	
endif;			

	echo $return;
   }
 
//--------------------------------------------------------------------------------------
 function add_content($p){
	 
	$title = mysql_real_escape_string($p['title']); // these are used in the form fields in add-centent soo its safe to be used
	$body =  mysql_real_escape_string($p['body']);
	
	// if they dont supply title or a body then go a head find out which one they did not supply 
	// this way we dont send blank data to the database and we can tell them what there doing wrong 
	
	if (!$title || !$body):
	
		if (!$title):
		echo "<p>Title is required</p>";
		endif;
		
		if (!$body):
		echo "<p>Body is required</p>";
		endif;	
		
		echo '<p><a href="add-content.php">Try Again!</a></p>';
		
	else:
			$sql = "INSERT INTO posts VALUES (null, '$title', '$body')";
			$res = mysql_query($sql) or die(mysql_error());
			echo "ADD SUCCESSFULLY" ;
	endif;
	 
  }
//--------------------------------------------------------------------------------------

function manage_content(){
	echo '<div id="manage">';
	$sql = "SELECT * FROM posts ORDER BY id DESC";
	$res = mysql_query($sql) or die(mysql_error());
	while($row = mysql_fetch_assoc($res)):
	
	?>
    <div>
    	<h2 class="title"><?php echo $row['title']?></h2>
        <span class="actions"><a href="update-content.php?id=<?php echo $row['id'];?>">Edit</a> | <a href="?delete=<?php echo $row['id'];?>">Delete</a></span>
    </div>
    
	<?php
	endwhile;	
	echo'</div>';
	
  
    }
//--------------------------------------------------------------------------------------
function delete_content($id){
	
	if(!$id){
		return false;
	}else{
		$id = mysql_real_escape_string($id);
		$sql = "DELETE FROM posts WHERE id = '$id'";
		$res = mysql_query($sql) or die (mysql_error());
		echo "Content Deleted Successfully!";
	
		}

	}
//--------------------------------------------------------------------------------------
function update_content_form($id){
	
	$id = mysql_real_escape_string($id); // error apprently here, cms_class.php on 
                                                                           //line 117
	$sql = "SELECT * FROM posts WHERE id = '$id'";
	$res = mysql_query($sql) or die(mysql_error());
	$row = mysql_fetch_assoc($res);
	
	?>
    <form method="post" action="index.php">	
        
            <input type="hidden" name="update" value="true" /> 
            <input type="hidden" name="id" value="<?php echo $row['id'];?>" />       
			<div>
				<label for="title">Title:</label>
				<input type="text" name="title" id="title" value="<?php echo $row['title'];?>"/>
			</div>
			
			<div>
				<label for="body">Body:</label>	
				<textarea name="body" id="body" rows="8" cols="40"><?php echo $row['body'];?></textarea>
			</div>
			
			<input type="submit" name="submit" value="Update Content" />
		</form>

	<?php 
	
	
	
  	}

//--------------------------------------------------------------------------------------
function update_content($p){
	$title = mysql_real_escape_string($p['title']); // these are used in the form fields in add-centent soo its safe to be used
	$body =  mysql_real_escape_string($p['body']);
	$id = mysql_real_escape_string($p['id']);
	// if they dont supply title or a body then go a head find out which one they did not supply 
	// this way we dont send blank data to the database and we can tell them what there doing wrong 
	
	if (!$title || !$body):
	
		if (!$title):
		echo "<p>Title is required</p>";
		endif;
		
		if (!$body):
		echo "<p>Body is required</p>";
		endif;	
		
		echo '<p><a href="update-content.php?id=' . $id . '">Try Again!</a></p>';
		
	else:
			$sql = "UPDATE posts SET title = '$title', body= '$body' WHERE id = '$id'";
			$res = mysql_query($sql) or die(mysql_error());
			echo "UPDATED SUCCESSFULLY" ;
	endif;
	 
   }
	


}

?>

add-content.php this file is stored in a admin folder

<?php 

include '../_class/cms_class.php';
$obj = new modernCMS();

$obj-> host = 'localhost';
$obj-> username = 'ronny';
$obj-> password = 'password';
$obj-> database = 'cms';

$obj-> connect();
 


?>




<html>
   <head>
   <meta http-equiv="content-type" content="text/html; charset=UTF-8"/>
      <title>My Modern CMS</title>
       <link href="../style.css" rel="stylesheet" type="text/css">
   </head>
   <body>
   
   
  <div id="page_wrap">
   <?php 
  			include'../nav.php'; ?>
		<h2>Add Content</h2>	
		<form method="post" action="index.php">	
        
            <input type="hidden" name="add" value="true" />      
			<div>
				<label for="title">Title:</label>
				<input type="text" name="title" id="title"/>
			</div>
			
			<div>
				<label for="body">Body:</label>	
				<textarea name="body" id="body" rows="8" cols="40"></textarea>
			</div>
			
			<input type="submit" name="submit" value="Add Content" />
		</form>
  
   </div>
   
   </body>

</html>

manage-content this file is stored in a admin folder

<?php 

include '../_class/cms_class.php';
$obj = new modernCMS();

$obj-> host = 'localhost';
$obj-> username = 'ronny';
$obj-> password = 'password';
$obj-> database = 'cms';

$obj-> connect();
 


?>
<html>
   <head>
   <meta http-equiv="content-type" content="text/html; charset=UTF-8"/>
      <title>My Modern CMS</title>
       <link href="../style.css" rel="stylesheet" type="text/css">
   </head>
   <body>
   
   
   <div id="page_wrap">
   <?php include '../nav.php'; ?>
   
   <?php 
   	if($_GET['delete']):
			$obj->delete_content($_GET['delete']);
	endif;		
   
   ?>
            
   <?php $obj->manage_content()?>
   
   </div>
   </body>
</html>

update-content.php this file is stored in a admin folder

<?php 

include '../_class/cms_class.php';
$obj = new modernCMS();

$obj-> host = 'localhost';
$obj-> username = 'ronny';
$obj-> password = 'password';
$obj-> database = 'cms';

$obj-> connect();
 


?>




<html>
   <head>
   <meta http-equiv="content-type" content="text/html; charset=UTF-8"/>
      <title>My Modern CMS</title>
       <link href="../style.css" rel="stylesheet" type="text/css">
   </head>
   <body>
   
   
  <div id="page_wrap">
   <?php 
  			include'../nav.php'; ?>
		<h2>Update Content</h2>	
		<?php $obj->update_content_form($_GET['id'])?>
   </div>
   
   </body>

</html>

index.php this file is stored in a admin folder

<?php 

include '../_class/cms_class.php';
$obj = new modernCMS();

$obj-> host = 'localhost';
$obj-> username = 'ronny';
$obj-> password = 'password';
$obj-> database = 'cms';

$obj-> connect();
 


?>




<html>
   <head>
   <meta http-equiv="content-type" content="text/html; charset=UTF-8"/>
      <title>My Modern CMS</title>
       <link href="../style.css" rel="stylesheet" type="text/css">
   </head>
   <body>
   
   
   <div id="page_wrap">
   
   <?php include '../nav.php'; ?>
            
    <?php 
	 if($_POST['add']):
	 
	 $obj->add_content($_POST);
	 elseif($_POST['update']):
	 $obj->update_content_form($_POST);
	 endif;
	
	
	?>        

   
   </div>
   </body>
</html>

i get the warning error from cms_class.php on line 117

please can someone save me lol

Recommended Answers

All 4 Replies

Line 38 in the last code: $obj->update_content_form($_POST); Here you pass the entire POST array, instead of just an id.

i dont know what you mean i tried passing the id that didnt work
it should just work with Line 38 in the last code: $obj->update_content_form($_POST);

ryt ryt i fixed it guys i did such a nooby mistake i was calling the wrong object name
it shouldnt been update_content_form it should be update_content lol

now its fixed yey i can now upload it

Please consider to 'mark as solved'.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.