PHP Warning htmlentities() expects parameter 1 to be string, array given

Question

I have a form to inject data in a database. When user clicks submit button this error shows up in a <input type=text> field. I have been looking around for a solution for hours but I do not know how to fix this.

: htmlentities() expects parameter 1 to be string, array given in on line ：htmlentities（）期望参数1为字符串，在第行的给出数组

helpers.php

   <?php
function display_errors($errors){
    $display = ' <ul class="bg-danger">';
    foreach($errors as $error){
        $display .='<li class="text-danger">'.$error. '</li> ';
    }
    $display .='</ul>';
    return $display;
}
function sanitize ($dirty){
    return htmlentities($dirty, ENT_QUOTES, "UTF-8");
}

function money($number){
    return '$ '.number_format($number,2);

}

form.php

<form action="products.php?add=1" method="POST" enctype="multipart/form-data">

    <div class='container_12'>
    <div class="form-group col-md-3">
        <label for="prod_name">Product Name*:</label>
        <input type="text" name="prod_name" id="prod_name" class="form-control" value="<?=((isset($_POST['prod_name']))?sanitize($_POST):' ');?>">

    </div>
    <div class="form-group col-md-3">
        <label for="parent">Parent Category*:</label>
        <select class="form-control" id="parent" name="parent"> 
            <option value=""<?=((isset($_POST['parent']) && $_POST['parent'] == '')?'selected':'');?>></option> 
                <?php while($parent = mysqli_fetch_assoc($parentQuery)): ?> 
            <option value=" <?=$parent['id'];?>"<?=((isset($_POST['parent']) && $_POST['parent'] == $parent['id'])?' select':'');?>><?=$parent['category_name'];?></option> 
                <?php endwhile; ?> 
        </select>
    </div>
    <div class='form-group col-md-3'>
        <label for='child'>Second Category*:</label>
        <select id='child' name='child' class='form-control'></select>
    </div>
    </div>

    <div class='container_12'>

        <div class='form-group col-md-3'>
                <label for='list_price'>List Price(OPTIONAL): </label>
                <input type="text" id="list_price" name="list_price" class="form-control" value="<?=((isset($_POST['list_price']))?sanitize($_POST['list_price']):'');?>">
        </div>

         <div class="form-group col-md-3">
        <label for="price">Price*:</label> 
        <input type="text" id="price" name="price" class="form-control" value="<?=((isset($_POST['price']))?sanitize($_POST['price']):'');?>"> 
    </div>

     <div class='form-group col-md-3'>
                <label for='prod_width'>Width* (in inches):</label>
                <input type="text" id="prod_width" name="prod_width" class="form-control" value="<?=((isset($_POST['prod_width']))?sanitize($_POST['prod_width']):'');?>">
        </div>

     <div class='form-group col-md-3'>
                <label for='prod_depth'>Height*(in inches):</label>
                <input type="text" id="'prod_depth" name="'prod_depth" class="form-control" value="<?=((isset($_POST['prod_depth']))?sanitize($_POST['prod_depth']):'');?>">
        </div>
    </div>

    <div class='container_12'>
     <div class='form-group col-md-3'>
                <label for='prod_height'>Depth*(in inches):</label>
                <input type="text" id="prod_height" name="prod_height" class="form-control" value="<?=((isset($_POST['prod_height']))?sanitize($_POST['prod_height']):'');?>">
        </div>

    <div class='form-group col-md-3'>
                <label for='prod_material'>Construction Material:</label>
                <input type="text" id="prod_material" name="prod_material" class="form-control" value="<?=((isset($_POST['prod_material']))?sanitize($_POST['prod_material']):'');?>">

    </div>

    <div class='form-group col-md-6'>
        <label>Quantity * :</label>
          <input type="text" id="quantity" name="quantity" class="form-control" value="<?=((isset($_POST['quantity']))?sanitize($_POST['quantity']):'');?>">

    </div>
    </div>

    <div class='container_12'>
        <div class="form-group col-md-3"> <label for="image_1">Product Photo #1:</label> 
        <input type="file" name="image_1" id="image_1" class="form-control"> 
    </div>
          <div class="form-group col-md-3"> <label for="image_2">Product Photo #2:</label> 
        <input type="file" name="image_2" id="image_2" class="form-control"> 
    </div>
          <div class="form-group col-md-3"> <label for="image_3">Product Photo #3:</label> 
        <input type="file" name="image_3" id="image_3" class="form-control"> 
    </div>
          <div class="form-group col-md-3"> <label for="image_4">Product Photo#4:</label> 
        <input type="file" name="image_4" id="image_4" class="form-control"> 
    </div>

    </div>



    <div class='container_12'>
    <div class="form-group col-md-6">
        <label for="description">Description:</label>
        <textarea id="description" name="description" class="form-control" rows="6"><?=((isset($_POST['description']))?sanitize($_POST['description']):'');?></textarea> 
    </div>



      <div class="form-group col-md-6">
        <label for="care_instructions">Care Instructions*:</label>
        <textarea id="care_instructions" name="care_instructions" class="form-control" rows="6"><?=((isset($_POST['care_instructions']))?sanitize($_POST['care_instructions']):'');?></textarea> 
      </div></div>

    <div class='container_12'>
        <div class="form-group pull-right">
    <input type='submit' value='Add Product' class='form-control btn-success pull-right'>
        </div></div>
                       </form>

Answer 1

You are passing the whole $_POST variable to serialize in the product name input (that's why the error says 'array given').

Check this line:

<input type="text" name="prod_name" id="prod_name" class="form-control" value="<?=((isset($_POST['prod_name']))?sanitize($_POST):' ');?>">

And change it with this:

<input type="text" name="prod_name" id="prod_name" class="form-control" value="<?=((isset($_POST['prod_name']))?sanitize($_POST['prod_name']):' ');?>">