Hi,

I just installed drupal 6.16 over an existing drupal database and tried to run update.php and I get this warning. If I click through the various pages I ultimately get a page with the following text:

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/y/share/htdocs/ydrupal/includes/database.mysql.inc on line 321 [/infocenter/update.php?op=selection&token=350f5a9762e02e8c02921b6994cd0462] Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/y/share/htdocs/ydrupal/includes/database.mysql.inc on line 321 [/infocenter/update.php?op=selection&token=350f5a9762e02e8c02921b6994cd0462] 

If it's any help, I added an error_log() to db_escape_string() and saw that the array being handed to it is a couple of IP addresses:

[Thu Apr  8 17:33:49 2010] [error] Array
(
    [0] => 10.72.107.191
    [1] => 10.72.107.191
)

(Not that it's relevant, but the IP address is my laptop from which I'm running my browser. It is *not* the machine running apache.

Failing a solution to this problem, is there a way to manually update the drupal database and bypass the malfunctioning update script?

Comments

dfranney’s picture

As it turns out this problem was due to a bug in our particular flavor of apache. It seems that $_SERVER["REMOTE_USER"] was being set to an array which messed up db_escape_string(). We put a patched version of apache in place and the problem went away.

mepho’s picture

I also had this error and I went through all my modules looking for "array('access content')"

I found that i accidentally used in a hook_menu()
'access callback' => array('access content'),

I corrected by changing it to
'access arguments' => array('access content'),

For those that want to debug this problem you should open up the database.mysql.inc file and navigate to the line number 321 which is db_escape_string function. Just debug the $text variable

function db_escape_string($text) {
global $active_db;
if(is_array($text)) {
var_dump($text)
}
return mysql_real_escape_string($text, $active_db);
}

Hopefully this helps

johan2’s picture

I had the same issue,

I followed your instructions but I noticed that the problem was gone as soon as I turned off the Devel and Devel_themer.
Then I returned to the original settings in includes on line 321 and everything worked. No warnings.
function db_escape_string($text) {
global $active_db;
return mysql_real_escape_string($text, $active_db);
}

I didn't find any mistakes in my functions so I think it will be the devils ;-)

milziv’s picture

Hi there,

thanks for posting this instruction, have the same problem, but after updating the database.mysql.in file i couldn't run update.php on my site. It simple didn't provide any response, just a blank webpage, is this a known problem or what am I missing? Thanks

The above problem is still active, so if someone has another fix or better way of solving this, please let me know. Much appreciated.

Best Regards
Milan

sp_key’s picture

Can you please give us a little hand as to how we can pinpoint the problem?
the db_escape_string function is on line 637 in my case though the error I receive in Drupal refers to line 321 which is a closing bracket.

Is this an issue we should be concerned about?

milziv’s picture

Just to clarify, it this debug you posted here still valid or not.
If you have managed to find a right workaround for this issue please let me know.

Thanks
milziv

_snake_’s picture

Hi,

I follow your steps mepho, but the value of $text is not showed...

Thanks

Mixologic’s picture

function db_escape_string($text) {
global $active_db;
if(is_array($text)) {
var_dump($text); / <= WSOD for yall
}
return mysql_real_escape_string($text, $active_db);
}

yaworsk’s picture

Amazing! Helped me identify an error the simple contest module was throwing every time I saved a view in the views module. Narrowed it down to a custom module created by another developer on project i'm working on and they called 'page callback' => array('simplecontest_help'), instead of 'page callback' => 'simplecontest_help',

pete

bisonbleu’s picture

I was seeing the same error when updating a custom content type. I used @mepho's suggestion (adding the 'var_dump($text);' to the includes/database.mysql.inc file). Here's what was printed to screen.

array(6) { ["month"]=> string(0) "" ["year"]=> string(0) "" ["day"]=> int(0) ["hour"]=> int(0) ["minute"]=> int(0) ["second"]=> int(0) }

Which lead me to a CCK date field with a bad date format. Removing the date field from the content type fixed everything.

Thank you @mepho for a very handy technique!

:~: Senior Drupal Site Builder

anonymous07’s picture

Subscribe

_snake_’s picture

Well, I think my issue is related with the Node Relationships module, because if I select a node related with that I'm creating, then the warning is showed...but not in all node types!!...and in line 326

Keep looking for a solution

/**
* Prepare user input for use in a database query, preventing SQL injection attacks.
*/
function db_escape_string($text) {
  global $active_db;
  //var_dump(debug_backtrace());
  if (is_array($text))
  {
var_dump($text);
  }
  return mysql_real_escape_string($text, $active_db); // <---------------LINE 326
 
}
_snake_’s picture

using is_array(), print_r(), and error_log() I found the following information:

Array\n(\n    [target] => default\n    [class] => \n    [rel] => \n)\n
_snake_’s picture

Hi,

my problem was related with the Link module. So I had to deactivate it.

Regards