-2
function filter($string) {
 $search = array ("'<script[?>]*?>.*?</script>'si",  // Remove javascript.
              "'<[\/\!]*?[^<?>]*?>'si",  // Remove HTML tags.
              "'<>'si",  // Remove HTML tags.
              "'([\r\n])[\s]+'",  // Remove spaces.
              "'&(quot|#34);'i",  // Remove HTML entites.
              "'&(amp|#38);'i",
              "'&(lt|#60);'i",
              "'&(gt|#62);'i",
              "'&(nbsp|#160);'i",
              "'&(iexcl|#161);'i",
              "'&(cent|#162);'i",
              "'&(pound|#163);'i",
              "'&(copy|#169);'i",
              "'&#(\d+);'e");  // Evaluate like PHP.
 $replace = array ("",
               "",
               "\\1",
               "\"",
               "&",
               "<",
               "?>",
               " ",
               chr(161),
               chr(162),
               chr(163),
               chr(169),
               "chr(\\1)");
 return mysql_real_escape_string(preg_replace ($search, $replace, $string));
}

I bought some script on internet, and developer is not responding, i fixed everything because a lot of things was deprecated, but i can't fix this. This is error

PHP Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/bioskop/public_html/gold-app/gold-includes/GOLD.php on line 72

I tried php version 5.4, 5.5, 5.6 and 7.0. NO success. Please help me upgrade this i'm really new in php. This code is SOLD and it must worked at some point.

Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
Darktwen
  • 333
  • 5
  • 18
  • 1
    ***Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).*** [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Jan 23 '17 at 15:59
  • Lordie; use a prepared statement and do away with all that. – Funk Forty Niner Jan 23 '17 at 15:59
  • *"I tried php version 5.4, 5.5, 5.6 and 7.0"* << The latter doesn't support `mysql_real_escape_string()`. – Funk Forty Niner Jan 23 '17 at 16:00
  • Possible duplicate of [How can I prevent SQL injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Funk Forty Niner Jan 23 '17 at 16:01
  • Not duplicate, I'm using 5.5 php version now. I just said i TRIED others. – Darktwen Jan 23 '17 at 16:01
  • 1
    *"How developer could sell this on codecanyon if it is not working"* - you paid for this?? really? – Funk Forty Niner Jan 23 '17 at 16:05
  • Yeah I actually did...... This was in archive. I still do not understand, other people are not complaining :( – Darktwen Jan 23 '17 at 16:08
  • That script you "bought", was most likely based on this one http://hornad.fei.tuke.sk/dokumentacie/php/function.preg-replace.html look under *"Example 3. Convert HTML to text"* and https://www.dcc.fc.up.pt/~pbrandao/aulas/0203/bdm/docs/php_pt/function.preg-replace.html – Funk Forty Niner Jan 23 '17 at 16:13
  • On site it is stated it supports php 5.3, 5.4, 5.5 – Darktwen Jan 23 '17 at 16:17
  • Many answers, none says how to fix code. This is amazing :D – Darktwen Jan 23 '17 at 16:19

1 Answers1

1

This is happening because the $string parameter is an array. If you read the manual page for preg_replace, you'll come across the following:

preg_replace() returns an array if the subject parameter is an array, or a string otherwise.

The question is: Why is this filter function being given an array when it expects a string?

Wayne Whitty
  • 19,513
  • 7
  • 44
  • 66
  • I know it's an array, how to change the code? What should i do? How developer could sell this on codecanyon if it is not working. Explain please – Darktwen Jan 23 '17 at 16:03
  • Where is the filter function called? Is it called in one place or is it present throughout the code? – Wayne Whitty Jan 23 '17 at 16:04
  • I found it! $title = filter(htmlspecialchars_decode($_REQUEST['API_TITLE'])); $year = filter(htmlspecialchars_decode($_REQUEST['API_YEAR'])); $category_id = filter($_POST['genre']); $movie_flv = filter($_POST['movie_flv']); $movie_iframe = filter($_POST['movie_iframe']); $post_title = filter($_POST['title']); $year = filter($_POST['year']); $imdb = filter($_POST['imdb']); $directed_by = filter($_POST['directed_by']); $casts = filter($_POST['casts']); Theres a lto of it – Darktwen Jan 23 '17 at 16:07
  • You'll need to find out by doing a full search. I can tell you how to fix the error, but fixing it may create even more errors. – Wayne Whitty Jan 23 '17 at 16:07
  • please just tell me how to fix it please – Darktwen Jan 23 '17 at 16:08
  • Are you sure that's the only piece of code that uses the filter function? – Wayne Whitty Jan 23 '17 at 16:08
  • these are all FILTER callings i have. – Darktwen Jan 23 '17 at 16:09
  • Is there a checkbox in your form? – Wayne Whitty Jan 23 '17 at 16:20
  • What is the name of your checkbox field? – Wayne Whitty Jan 23 '17 at 16:26
  • Choose movie genre, and then you choose genre, comedy etc – Darktwen Jan 23 '17 at 16:29