mysqli_real_escape_string() expects parameter 2 to be string, array given in /includes/database.mysqli.inc on line 323

Unable to reproduce.

daouverson2 I tried to reproduce your bug and i was not able to. Can you please write down a detailed description on how to reproduce your bug sothat others can better understand what is happening?

You can do this by setting up a second drupal installation and trying to reproduce the bug inside that one - to give you an idea.

Which optional modules are you using and if you do so, have you tried to switch them off?

So have you tried to make an additional drupal setup using the listed modules and trying to reproduce? you filed a bug-report so steps to reproduce should be given.

and is the error gone when you switch it off?

CCK changed it's hook name from "process form values" to "presave", so the API changed out from under link. This patch will correct the problem and should be included in the 2.3 version later today.

Hi, this issue seems to fixed but i got the same warning as the opening issue above
to date 11/09/08

is it come back somehow -i guess- with the CCK rc7?

warning: mysqli_real_escape_string() expects parameter 2 to be string, array given in /home/site/includes/database.mysqli.inc on line 323.

Content Construction Kit (CCK) 6.x-2.0-rc7
links 6.x-2.2
Views 6.x-dev
also i have tried the 'fixed patched' links 6.x-dev gives the same result

I got the same problem:

warning: mysqli_real_escape_string() expects parameter 2 to be string, array given in /www/htdocs/sitename/http/includes/database.mysqli.inc on line 323.

How can I fix this?

I didnt install link module, but I have almost the same issue except it is parameter 1 instead of parameter 2

error message: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in /mnt/w0900/d41/s47/b02f9cb1

Hi,

I have the same issue when I delete a taxonomy term. It will not reproduce every time.. but it did happen few times now...
Any idea?

warning: mysqli_real_escape_string() expects parameter 2 to be string, array given in C:\xampp\htdocs\what\includes\database.mysqli.inc on line 323.

· warning: mysqli_real_escape_string() expects parameter 2 to be string, array given in C:\xampp\htdocs\what\includes\database.mysqli.inc on line 323

I am also getting the same error - ...

warning: mysqli_real_escape_string() expects parameter 2 to be string, array given in /home/includes/database.mysqli.inc on line 323.

I get this error too, using the latest version of link.
It happens for me when trying to modify $node->taxonomy values in hook_nodeapi's 'presave' op.
Taxonomy values are saved, but I get the warning: mysqli_real_escape_string() expects parameter 2 to be string, array given error
disabling link makes the error go away.
and im not touching any link fields in the 'presave' op, only node->taxonomy.

Hi!

I'm also getting the same error message. I have checked the log, following are the log message.

Location http://www.website.com/tracker
Referrer http://www.website.com/home
Message mysqli_real_escape_string() expects parameter 2 to be string, array given in /home/website/public_html/includes/database.mysqli.inc on line 323.
Severity error

Regards,

IT Web - Q Solutions
Providing web solutions for open source communities

I started having this error couple of days now, I think just after updating to latest dev of l10n_client. Funny thing is that I don't use the module just yet in any CCK field or anything and there were no other modules depending on it (thank God, cause I didn't have any second thoughts on disabling/uninstalling it). This made the error go away and sort of pointed to this module as the most possible cause.

Just a clue on where I get the error. I have some nodes of custom content type that use the viewfield module in their single custom CCK field. If the view arguments passed do not return any results, the error comes up. If the arguments produce some view rows, there is no error. Hope it helps, but this whole thing might be irrelevant to the bug though. Just thought I should mention it anyways.

...setting this back to active.

Hi,
I just ran into this issue. In my case it has been easy to solve: I have D6 - cck installed, with some sample test data on an attribute field. I modified the value of a field and got this error;
I then checked the field's restrictions that I set a bit earlier and verified that I entered a string that was longer than the maximum allowed (Size of textfield: * in the page Manage fields > [fieldname]).

HTH.

Got this error when building a block view with the instructions at http://www.ridgesolutions.ie/index.php/2009/01/19/passing-an-argument-to.... My site is multilingual, so I thought it would be smart (thought it was apparently premature, as well) of me to return t($path[1]) instead of just $path[1]. This worked fine on the English node, but spit out warnings on the Spanish node. Removing the t() fixed it. I'm not sure why it would break break it in the first place, though; t() returns a string, not an array. Maybe Drupal (or Views) just wasn't expecting that call there, and returned an array out of wonkiness.

Cross-posting to #510020: warning: mysqli_real_escape_string() expects parameter 2 to be string, since apparently these errors come in groups.

I really need more data to figure out what's going wrong to produce this error, guys. If I can't get more detail about where the error is coming from, or a way to reproduce this error, there's not really any way for me to reproduce this.

In the case of #24, where he wasn't even using the module to create any fields yet, I can't imagine how link could have caused the problem.

If someone who is having this problem could start by adding a drupal_set_message('<pre>'. print_r(debug_backtrace(), TRUE) .'</pre>'); before the line in database.mysqli.inc - that will at least start show which functions are being called when the error gets hit.

Thanks.

* Update * Disable Tracker view fixed this issue. See http://drupal.org/node/820282

I click on Recent Posts, then My Recent Posts, and this is what I get:

* warning: array_key_exists() [function.array-key-exists]: The first argument should be either a string or an integer in C:\wamp\www\sites\all\modules\views\includes\view.inc on line 1296.
* warning: mysqli_real_escape_string() expects parameter 2 to be string, object given in C:\wamp\www\includes\database.mysqli.inc on line 323.
* warning: Illegal offset type in C:\wamp\www\sites\all\modules\views\includes\view.inc on line 1300.
* warning: Illegal offset type in C:\wamp\www\sites\all\modules\views\includes\view.inc on line 1335.
* recoverable fatal error: Object of class stdClass could not be converted to string in C:\wamp\www\sites\all\modules\views\views.module on line 728.
* warning: Illegal offset type in isset or empty in C:\wamp\www\sites\all\modules\views\views.module on line 735.

or, just go to /tracker/1 if on the super-user account.

Working on finding the problem.

Node Relationships is the source of the problem in my case.

message appears in Views edit of noderelationships_noderef clone, upon clicking the preview button:

warning: mysqli_real_escape_string() expects parameter 2 to be string, array given in /mysite/includes/database.mysqli.inc on line 323.

adding the debug_backtrace() call on line 323 of the file crashes apache.

but here's what i see in the server error log with heightened PHP error reporting:
[error] [client myip] PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 17745760 bytes) in /mysite/includes/theme.inc on line 1168, referer: http://mysite.com/admin/build/views/edit/my_view

It comes and goes with tweaks to the view. I'm still trying to determine the logic of that.

Hi!

I have a surefire way to reproduce this error:

You will need:

• Drupal core 6.19
• CCK 6.x-2.8
• Corresponding Node Reference 6.x-3.3
• Link 6.x-2.9

Steps:

1. Install Drupal core. Enable the modules above. It will depend on some other CCK modules. After install you have two node types page and story.
2. Add a Link field to node type Page with default settings except: On "Link Title" option use "Static Title" radio button with some random title text.
3. Add a Node reference field to type Page. Widget: autocomplete text field. Number of values: Unlimited. Content types that can be referenced: Story.
4. Basically add back reference, so: Add a Node reference to type Story. Widget: autocomplete text field. Number of values: Unlimited. Content types that can be referenced: Page.
5. On Corresponding Node Reference settings page (admin/settings/corresponding_node_references) set these two references to be connected, but none of them to be single. Basically you have to see three checkboxes there, mark checked the first and unchecked the other two.
6. Create a Page node. The Link field will ask only for URL, you have to fill it with some random URL.
7. Reproduce the error: every time you a create Story node with a node reference to the page node created in step 6. the error will appear.

If you need any help to reproduce it I will gladly provide it.

System: Ubuntu 9.10 with Apache, PHP, and MySQL from the repos.

It appears to me that the Link title setting is indifferent, but still, the #30 step-by-step reproduction works to me.

Also set the status.

In case it helps, I have this exact error, but I do not have Link module installed. Otherwise, my system configuration is the same as in #30.

I started seeing the error when saving pictures with EXIF metadata after adding a bunch of CCK text fields to display metadata. From what I gather about my particular case (not knowing yet how to solve it), the fields field_exif_gpslatitude, field_exif_gpslongitude, and field_exif_gpsaltitude are the culprits. It seems the EXIF module that converts the original lat/lon data into a different structure is creating this error, but I'm not sure of that at this point.

I am now seeing this error consistently when using the Bulk Delete module to delete all nodes with the "standard" option. (Incidentally, I am not seeing the error when deleting the only node using Drupal's built-in delete button on the node edit page.)

Here is my error now:

warning: mysqli_real_escape_string() expects parameter 2 to be string, array given in /Users/username/Sites/drupalsite/includes/database.mysqli.inc on line 323.

user warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE cid = ''' at line 1 query: DELETE FROM WHERE cid = '' in /Users/username/Sites/drupalsite/includes/cache.inc on line 179.

@jcfiala, I'm not sure I get how to backtrace with your code. I tried adding your snippet on line 323, which displaced the "error line" to 324 from 323, but there was an insane amount of output. But perhaps I am misreading your instructions. Below is the section in database.mysqli.inc (I am inserting the line numbers):

318 /**
319  * Prepare user input for use in a database query, preventing SQL injection attacks.
320  */
321 function db_escape_string($text) {
322   global $active_db;
323   return mysqli_real_escape_string($active_db, $text);
324 }

I have virtually the same setup as EdgarPE in #30 and am getting the same error (though it is the "parameter 1" version). I have found that what is happening is that when the child node (considering the parent to be the one with the Link field) is created, the error is happening because the link attributes array in the parent is not serialized. The warning occurs because the field is defined as %s but the value is still an array. When the parent is edited and saved, it does get serialized thus no warning. Also when the child is saved as opposed to created.

The stack trace is different in both cases. Here it is when the error occurs. Note that I am using mysql, not mysqli.

Fatal error: Uncaught exception 'Exception' in includes/database.mysql.inc:324
Stack trace:
#0 includes/database.inc(225): db_escape_string(Array)
#1 [internal function]: _db_query_callback(Array)
#2 includes/database.mysql-common.inc(41): preg_replace_callback('/(%d|%s|%%|%f|%...', '_db_query_callb...', 'UPDATE content_...')
#3 sites/all/modules/cck/content.module(1213): db_query('UPDATE {content...', Array)
#4 sites/all/modules/cck/content.module(1052): content_write_record('content_type_pr...', Object(stdClass), Array)
#5 sites/all/modules/cck/content.module(1281): content_storage('update', Object(stdClass))
#6 sites/all/modules/cck/content.module(299): _content_field_invoke_default('update', Object(stdClass))
#7 sites/all/modules/cnr/corresponding_node_references.crud.inc(145): content
in includes/database.mysql.inc on line 324

and when it does not occur (trace put in to capture this):

Fatal error: Uncaught exception 'Exception' in sites/all/modules/cck/content.module:1213
Stack trace:
#0 sites/all/modules/cck/content.module(1052): content_write_record('content_type_pr...', Object(stdClass), Array)
#1 sites/all/modules/cck/content.module(1282): content_storage('update', Object(stdClass))
#2 sites/all/modules/cck/content.module(299): _content_field_invoke_default('update', Object(stdClass))
#3 sites/all/modules/cck/content.module(422): content_update(Object(stdClass), NULL, NULL)
#4 modules/node/node.module(679): content_nodeapi(Object(stdClass), 'update', NULL, NULL)
#5 modules/node/node.module(932): node_invoke_nodeapi(Object(stdClass), 'update')
#6 modules/node/node.pages.inc(456): node_save(Object(stdClass))
#7 includes/form.inc(776): node_form_submit(Array, Arr in sites/all/modules/cck/content.module on line 1213

I did determine with other debugging that in the first case, the link attributes array is not serialized (thus a mismatch between the '%s' and the array), and in the second case, it is. The difference appears to be how the process of saving the data is performed. In the first case, it is done by the CNR module:

function _corresponding_node_references_update($node) {
  content_update($node);
}

That call to content_update (which leads off the stack trace when the warning occurs) is not resulting in the array field being serialized by any of the subsequent calls. I replaced it with a call to node_save, and that appeared to solve the problem. (Unless you are using popups and popups_reference, which we are, and then you can save the child or popup form w/o error, but when you try to save the parent, because you already have the edit form open, you will get "This content has been modified by another user, changes cannot be saved." Of course, the popups modules are deprecated, but I will mention this here anyway. I do not know if this causes a problem with popups replacement modules.)

I will put a mention in the CNR issue queue. I am not sure if node_save is indeed the answer, but hopefully the information here will shed a little more light on the issue.

subscribing

subscribing

I have same error. It happen when I put a variable in my module.

EXAMPLE: in file mymodule.module in array "items" I put a variable instead of string.

$title = 'Photos : '.$user;
$items['mi_photos/2010'] = array(
'title' => t($title), //here is the problem looks like you cannot use a variable.
'page callback' => 'my_module_run',
'access arguments' => array('access content'),
'description' => t('Photos'),
'type' => MENU_CALLBACK,
);

Thanks for the details, MMachnik, I'll definitely be reading that in more detail the next time I get a chance to breathe and review Link. Unfortunately at the moment I'm quite busy, and I'm hoping to get a 7.x version out the door soon, especially now that Drupal 7 has hit beta.

I had the same problem with the My Recent Posts tab, and disabling 'tracker' from the Views list fixes the error for me, and the My Recent Posts tab functions normal as default.

I've also run into this.

From my debug, it seems like its a problem with cache_set, specifically, when no header set.

function cache_set($cid, $data, $table = 'cache', $expire = CACHE_PERMANENT, $headers = NULL) {
  $serialized = 0;
  if (is_object($data) || is_array($data)) {
    $data = serialize($data);
    $serialized = 1;
  }
  $created = time();
  db_query("UPDATE {". $table ."} SET data = %b, created = %d, expire = %d, headers = '%s', serialized = %d WHERE cid = '%s'", $data, $created, $expire, $headers, $serialized, $cid);
  if (!db_affected_rows()) {
    @db_query("INSERT INTO {". $table ."} (cid, data, created, expire, headers, serialized) VALUES ('%s', %b, %d, %d, '%s', %d)", $cid, $data, $created, $expire, $headers, $serialized);
  }
}

$headers = NULL, but also headers = '%s' (which means it will be treated like a string), which means further down the chain (line 323 of database.mysqlX.inc), it will be passed to mysqli_real_escape_string (or mysql_real_escape_string) and that will throw a error because NULL != String!

So the simple fix is to change $headers = NULL to $headers = '' in the function call.

BUT this can't be the real issue here, as if it was i'm sure the majority of drupal sites would suffer from watchdogs FILLED with these errors. And they dont, so something else is up somewhere. But i haven't yet worked that bit out.

Update. I have the feeling its MySQL / PHP related, not code related. Because a simple test on another site in /devel/php

global $active_db;
print mysqli_real_escape_string($active_db, NULL);

did not throw any errors.

Same problem here with link with cck 2.9, link 2.9 and cnr 4.1.

I could reproduce using #30.

It happens only with single valued link field, I think because that's when the field is described in the node table (eg. content_type_page). It's the (for some reason empty) attributes array that gets passed as string.

With CCK 6.x-3.0-alpha3 the warning disappears.

subscribing

subscribing

subscribing

I fixed it in my instance (CCK 6.x-3.0-alpha3, link.module 6.x-2.8, CNR 6.x-4.1) by adding the "update" op to also run _link_process() in link_field() (e.g. hook_field()).

I propose the following:

--- link.module (revision 37276)
+++ link.module (working copy)
@@ -199,6 +199,7 @@
       break;
 
     case 'presave':
+    case 'update':
       foreach ($items as $delta => $value) {
         _link_process($items[$delta], $delta, $field, $node);
       }

since this issue is too old to reproduce or correctly commit anything please feel free to start new issue if anything of it persist. thanks for all the effort and thanks for understanding.

Digidog,

I'm reopening this issue because I'm running into this issue with the latest 6.x-dev branch of link. Feel free to close if you or other maintainers feel like it's not link's responsibility, I certainly can understand. But it'd be great if you could give this a read through.

So in my case, I'm experiencing this problem because Corresponding Node Reference (/project/cnr) is invoking content_update() directly. See the related issue: http://drupal.org/node/928042. I'll be posting over there in a second to suggest that they use node_save() instead of content_update(). However, I think it's best that link.module adjust as well.

While this invocation is not kosher, imo link should protect itself.. In general, a module shouldn't be concerned with how it could be misused (a 'void warranty' sort of thing). That being said, I think this is an exception for a few reasons:

1. An link field cannot update unless _link_process() is run. It depends on _link_process for serialization of an array to save to the database. If it's required to run, link.module should make sure it's run. If speed is a concern, you could make sure it's only run once.
2. My guess is that while invoking content_update() is not kosher, it's also not uncommon.
3. It's a very small code change that will make link.module safer and be a stop gap to future issues.

krisahil's fix in #47 works very well. I'm attaching the fix as a patch. Let me know what you think ;)

Thanks!

+1 For fix at #49

Thanks

patch causes error because of trailing whitespaces.
small reroll, review, test ...

committed and pushed to latest --dev

Sorry on further inspection patch at #49 double serializes the attributes values.

JoeMcGuire, please provide more code info or a rerolled patch. I will close the issue now because the patch is already pushed to HEAD and fixes the given problem of the issue title. Feel free to reopen it for a better solution attached or open another issue for

double serializes the attributes values