PHP Notice: Array to string conversion

Question

I have an ecommerce site based off of this tutorial.

Now, in the cart.php page, whenever someone updates the quantity and proceeds to click the Update Cart button, they are greeted with the following notices:

Notice: Array to string conversion in /home/aquadual/public_html/fiverrproject/plaincart/library/config.php on line 51

Notice: Array to string conversion in /home/aquadual/public_html/fiverrproject/plaincart/library/config.php on line 51

Notice: Array to string conversion in /home/aquadual/public_html/fiverrproject/plaincart/library/config.php on line 51
Unknown column 'A' in 'where clause'

Here is the code in the config.php file affecting this notice:

if (!get_magic_quotes_gpc()) {
    if (isset($_POST)) {
        foreach ($_POST as $key => $value) {
            **$_POST[$key] =  trim(addslashes($value));**
        }
    }

    if (isset($_GET)) {
        foreach ($_GET as $key => $value) {
            $_GET[$key] = trim(addslashes($value));
        }
    }   
}

The actual line being line 51 in the whole config file:

$_POST[$key] =  trim(addslashes($value));

Answer 1

You actually have two problems in this error.

The first part is that you are assuming every value in your $_POST array is a string (given your use of trim() and addslashes()). This is not necessarily the case -- a value in that array could also be an array. The notices are telling you that, three times, you are trying to treat an array as if it were a string. However, these are non-fatal notices that should not directly cause your page to crash.

The second error is the last line, which is probably unrelated to the first three error lines (though it could be related indirectly... 0_0). This error is an error in a SQL query somewhere, causing a fatal error, which causes the PHP code to stop executing. It looks like you are trying to limit a SELECT or UPDATE statement based on a column that doesn't exist in the table you are querying. You should check your SQL code to make sure it's working correctly. This is probably not near line 51.

Answer 2

Well, first of all you should post also a print_r() of your $_POST var. Anyway, there is a case where you can have an array inside a $_POST['whatever']:

<input type="text" name="arr[]" value="a">
<input type="text" name="arr[]" value="b">
<input type="text" name="arr[]" value="c">

this will produce:

$_POST => Array(
  'arr' => Array(
     0 => 'a',
     1 => 'b',
     2 => 'c'
  )
)

Afaik, it's the only case

Answer 3

I like to code as following

if (!get_magic_quotes_gpc())
{
    if (!empty($_GET))
    {
        $_GET  = addslashes_deep($_GET);
    }
    if (!empty($_POST))
    {
        $_POST = addslashes_deep($_POST);
    }

    $_COOKIE   = addslashes_deep($_COOKIE);
    $_REQUEST  = addslashes_deep($_REQUEST);
}
function addslashes_deep($value)
{
    if (empty($value))
    {
        return $value;
    }
    else
    {
        return is_array($value) ? array_map('addslashes_deep', $value) : addslashes($value);
    }
}