How to solve cannot use string offset as an array error in PHP?

Question

I want to add multiple data into table at once but my code gives an error saying 'cannot use string offset as an array'. I have attached my code. Can anyone help me to solve this?

$issuedate=$_POST['issuedate'];
$member=$_POST['member'];
$bno[0]['TitleNo'] = $_POST['bno'];
$bno[1]['TitleNo'] = $_POST['bno1'];
$bno[2]['TitleNo'] = $_POST['bno2'];
$bno[3]['TitleNo'] = $_POST['bno4'];                        
$returndate = $_POST['returndate'];

for($i=0; $i<4; $i++)
{
    $sql5 = mysqli_query($db, "INSERT INTO borrow(TitleNo,MemberID,IssueDate,dueDate,ReturnDate) VALUES ('".$bno[$i]['TitleNo']."','$member','$issuedate','$returndate')");
}

if ($sql5)
{
    echo '<h4 class="message">Add New Book Copies! </h4>'; // echo $test;   
}
else
{
    echo 'Fail.';
}

Answer 1

You are probably assigning string to $bno variable thus it dynamically becomes of type string. More info here. Regarding the example you should

1. $bno = array();
2. Escape all your DB inputs (or even better, use prepared statements)
3. It makes more sense to put the if..else inside the for loop

Thus

$bno = array();

$mysqli_conn = mysqli_connect("localhost", "user", "password", "schema");

$issuedate = mysqli_real_escape_string($mysqli_conn, $_POST['issuedate']);
$member = mysqli_real_escape_string($mysqli_conn, $_POST['member']);
$bno[0]['TitleNo'] = mysqli_real_escape_string($mysqli_conn, $_POST['bno']);
$bno[1]['TitleNo'] = mysqli_real_escape_string($mysqli_conn, $_POST['bno1']);
$bno[2]['TitleNo'] = mysqli_real_escape_string($mysqli_conn, $_POST['bno2']);
$bno[3]['TitleNo'] = mysqli_real_escape_string($mysqli_conn, $_POST['bno4']);                        
$returndate = mysqli_real_escape_string($mysqli_conn, $_POST['returndate']);

for($i=0; $i<4; $i++)
{
    $sql = mysqli_query($db, "INSERT INTO borrow(TitleNo,MemberID,IssueDate,dueDate,ReturnDate) VALUES ('".$bno[$i]['TitleNo']."','".$member."','".$issuedate."','".$returndate."')");

    if ($sql)
    {
        echo '<h4 class="message">Add New Book Copies! </h4>'; // echo $test;   
    }
    else
    {
        echo 'Fail.';
    }
}

Answer 2

You have set $bno as string in some previous code. What you can do for a quick fix is:

1. change $bno to somehing else, for example $book

$book[0]['TitleNo'] = $_POST['bno'];  
$book[1]['TitleNo'] = $_POST['bno1'];
//..

2. set $bno to a new array and then assign the values

$bno = array();
$bno[0]['TitleNo'] = $_POST['bno'];  
$bno[1]['TitleNo'] = $_POST['bno1'];  
//...

Additional Notes

By the way it's better to escape somehow the values you enter in your DB. You can use mysqli_real_escape_string

Just assign do this for all the values:

$bno[0]['TitleNo'] = mysqli_real_escape_string($db, $_POST['bno']);

Sources to read

http://php.net/manual/en/mysqli.real-escape-string.php

Answer 3

You should have a look att prepared statements and bind params. When you're doing the insert statements you select five columns and only inserts four values.

 $sql5 = mysqli_query($db, "INSERT INTO borrow(TitleNo,MemberID,IssueDate,dueDate,ReturnDate) VALUES ('".$bno[$i]['TitleNo']."','$member','$issuedate','$returndate')");

And as @jeroen mentioned, your code has sql-injection problems, read more about sql-injection here.

I've created and exampel using prepared statements and bind params. Note:

$stmt->bind_param('sssss',$bno[$i]['TitleNo'], $member, $issuedate, $dueDate, $returndate);

'sssss' are just for demo purpose, I assume dueDate and returndate columns are datetime something simular.

$DBServer = 'localhost';
$DBUser  = 'root';
$DBPass = 'root';
$DBName = 'borrow';

$conn = new mysqli($DBServer, $DBUser, $DBPass, $DBName);

$sql = ' INSERT INTO borrow (TitleNo,MemberID,IssueDate,dueDate,ReturnDate) VALUES (?,?,?,?,?)';

$TitleNo = $bno[0]['TitleNo'];
$member = 'MemberID';
$issuedate = 'issuedate';
$dueDate = 'dueDate';
$returndate = 'returndate';

/* Prepare statement */
$stmt = $conn->prepare($sql);
if($stmt === false) {
trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $conn->error, E_USER_ERROR);
}


for( $i= 0; $i < count($bno); $i++){
/* Bind parameters. s = string, i = integer, d = double,  b = blob */
$stmt->bind_param('sssss',$bno[$i]['TitleNo'], $member, $issuedate, $dueDate, $returndate);

/* Execute statement */
$stmt->execute();
}
if( $stmt->affected_rows > 0 ){
    echo '<h4 class="message">Add New Book Copies!</h4>';
}

$stmt->close();

However im not sure if it's best practice to do a mass insert to db using a for-loop.

Answer 4

Initialising your array (ie, $bno was probably initialised to a string in your code which caused the error you are seeing), escaping the input and doing a single INSERT (rather than 4, where you only check the results of the last one):-

<?php 
$bno = array();
$sql_array = array();
$issuedate = mysqli_real_escape_string($db, $_POST['issuedate']);
$member = mysqli_real_escape_string($db, $_POST['member']);
$bno[0]['TitleNo'] = mysqli_real_escape_string($db, $_POST['bno']);
$bno[1]['TitleNo'] = mysqli_real_escape_string($db, $_POST['bno1']);
$bno[2]['TitleNo'] = mysqli_real_escape_string($db, $_POST['bno2']);
$bno[3]['TitleNo'] = mysqli_real_escape_string($db, $_POST['bno4']);                        
$returndate = mysqli_real_escape_string($db, $_POST['returndate']);

foreach($bno AS $abno)
{
    $sql_array = "('".$bno['TitleNo']."','$member','$issuedate','$returndate')"
}
$sql5 = mysqli_query($db, "INSERT INTO borrow(TitleNo,MemberID,IssueDate,dueDate,ReturnDate)
        VALUES ".implode(', ', $sql_array));            
if ($sql5) 
{
    echo '<h4 class="message">Add New Book Copies!</h4>';
    // echo $test;
} 
else
{
    echo 'Fail.';
}

This does suggest that the database could be further normalised, as you have multiple rows being inserted that are identical except for one value.