2012-09-07 64 views
-3

HTML code warning: mysql_real_escape_string() expects parameter 1 to be string

<tr> 
    <td><input type="text" name="batch_code[]" required="required" value="<?php  if(isset($batch_code[0]))echo htmlentities($batch_code[0]); ?>"/></td> 
    <td><input type="text" name="description[]" value="<?php if(isset($description[0]))echo htmlentities($description[0]); ?>"/></td> 
    <td><input type="text" name="current_value[]" value="<?php if(isset($current_value[0]))echo htmlentities($current_value[0]); ?>"/></td> 
    <td><input type="text" size="12" name="qty[]" required="required" value="<?php if(isset($qty[0]))echo htmlentities($qty[0]); ?>"/></td> 
    <td><select id="asset_id" class="asset_id" name="asset_id[0][]" multiple="multiple" required> 
    <?php foreach($asset_ids as $asset_id): ?> 
      <option class="dropdownlist"><?php echo $asset_id->asset_id; ?></option> 
    <?php endforeach; ?> 
    </select></td> 
</tr> 
<tr> 
    <td><input type="text" name="batch_code[]" required="required" value="<?php  if(isset($batch_code[1]))echo htmlentities($batch_code[1]); ?>"/></td> 
    <td><input type="text" name="description[]" value="<?php if(isset($description[1]))echo htmlentities($description[1]); ?>"/></td> 
    <td><input type="text" name="current_value[]" value="<?php if(isset($current_value[1]))echo htmlentities($current_value[1]); ?>"/></td> 
    <td><input type="text" size="12" name="qty[]" required="required" value="<?php if(isset($qty[1]))echo htmlentities($qty[1]); ?>"/></td> 
    <td><select id="asset_id" class="asset_id" name="asset_id[1][]" multiple="multiple" required> 
    <?php foreach($asset_ids as $asset_id): ?> 
      <option class="dropdownlist"><?php echo $asset_id->asset_id; ?></option> 
    <?php endforeach; ?> 
    </select></td> 
</tr> 

And my PHP code

$count = count(array_filter($this->asset_id))-1; 
for($value = 0; $value <= $count; $value++){ 
    $count_asset = count(array_filter($this->asset_id))-1; 
    for($asset_value = 0; $asset_value <= $count_asset; $asset_value++){ 
     $sql = "INSERT INTO dispatch_items ("; 
     $sql .= "dis_id, batch_code, asset_id, description, current_value, qty"; 
     $sql .= ") VALUES ('"; 
     $sql .= $database->escape_value($this->dis_id) ."', '"; 
     $sql .= $database->escape_value($this->batch_code[$value])."', '"; 
     $sql .= $database->escape_value($this->asset_id[$value][$asset_value]) ."', '"; 
     $sql .= $database->escape_value($this->description[$value]) ."', '"; 
     $sql .= $database->escape_value($this->current_value[$value]) ."', '"; 
     $sql .= $database->escape_value($this->qty[$value]) ."')"; 
     $query = $database->query($sql); 
     $sql = "UPDATE asset_manager SET "; 
     $sql .= "location='".$database->escape_value($this->rstore_code)."', "; 
     $sql .= "dis_id='".$database->escape_value($this->dis_id)."' "; 
     $sql .= "WHERE asset_id='".$database->escape_value($this->asset_id[$value][$asset_value])."' "; 
     $sql .= "AND batch_code='".$database->escape_value($this->batch_code[$value])."' "; 
     $query = $database->query($sql); 
    } 
} 

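I want to insert data from multiple form rows into the database, and give the user the option to select multiple asset_id[][] for each batch_code[], but when inserting it into the database I keep getting this error.. :(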

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in d:\資產管理公司\包括\database.php on line 52

public function escape_value($value) { 
     if($this->real_escape_string) { // PHP v4.3.0 or higher 
    // undo any magic quote effects so mysql_real_escape_string can do the work 
    if($this->magic_quotes_active) { $value = stripslashes($value); } 
     $value = mysql_real_escape_string($value); // line 53 
    } else { // before PHP v4.3.0 
     // if magic quotes aren't already on then add slashes manually 
     if(!$this->magic_quotes_active) { $value = addslashes($value); } 
     // if magic quotes are active, then the slashes already exist 
    } 
    return $value; 
} 

How do I resolve this error..?

+1

Do you really need to support ancient versions of PHP4? If you are using those, SQL injection is the least of your problems... – ThiefMaster

Answers

1

Instead of using

if($this->real_escape_string) { // PHP v4.3.0 or higher 

check the PHP version

phpversion() 

function_exists('real_escape_string') 
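
An added example, not from the original post or its answers: the same insert loop written with PDO prepared statements in place of `escape_value()`, with every field checked to be a string before it is bound and the `asset_id` list walked per row. It assumes PHP 8 with the `pdo_sqlite` extension; `str_field`, `save_dispatch` and the sample `$post` data are constructed for illustration, while the table and column names come from the question.

```php
<?php
// Reject non-string input: PHP turns a field posted as name[] into an array.
function str_field(mixed $v, string $name): string {
    if (!is_string($v)) {
        throw new InvalidArgumentException("$name: string expected, " . gettype($v) . " given");
    }
    return $v;
}

// Hypothetical helper: one INSERT and one UPDATE per selected asset, in a single transaction.
function save_dispatch(PDO $db, string $disId, string $store, array $post): int {
    foreach (['batch_code', 'description', 'current_value', 'qty', 'asset_id'] as $f) {
        if (!is_array($post[$f] ?? null)) throw new InvalidArgumentException("$f: array expected");
    }
    $ins = $db->prepare('INSERT INTO dispatch_items
        (dis_id, batch_code, asset_id, description, current_value, qty) VALUES (?, ?, ?, ?, ?, ?)');
    $upd = $db->prepare('UPDATE asset_manager SET location = ?, dis_id = ? WHERE asset_id = ? AND batch_code = ?');
    $rows = 0;
    $db->beginTransaction();
    try {
        foreach (array_keys($post['batch_code']) as $i) {
            $row = [];
            foreach (['batch_code', 'description', 'current_value', 'qty'] as $f) {
                $row[$f] = str_field($post[$f][$i] ?? null, "{$f}[$i]");
            }
            // asset_id[$i] is a list of its own: iterate it per row, not once for the whole form.
            foreach ((array) ($post['asset_id'][$i] ?? []) as $j => $asset) {
                $asset = str_field($asset, "asset_id[$i][$j]");
                $ins->execute([$disId, $row['batch_code'], $asset,
                    $row['description'], $row['current_value'], $row['qty']]);
                $upd->execute([$store, $disId, $asset, $row['batch_code']]);
                $rows++;
            }
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
    return $rows;
}

// Constructed sample input shaped like the form above, run against in-memory SQLite.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE dispatch_items (dis_id, batch_code, asset_id, description, current_value, qty)');
$db->exec('CREATE TABLE asset_manager (asset_id, batch_code, location, dis_id)');
$post = ['batch_code' => ['B1', 'B2'], 'description' => ['desks', 'chairs'],
    'current_value' => ['100', '40'], 'qty' => ['2', '1'], 'asset_id' => [['A1', 'A2'], ['A9']]];
echo save_dispatch($db, 'D1', 'ST01', $post), " rows inserted\n";
```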