Generally when I do an insert into a database table of
posted data, I use the recommended mysql_real_escape_string
function, with stripslashes if get_magic_quotes_gpc is
on.
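<?php
function prepData($var) {
    // Undo magic-quotes escaping first, if the setting is on
    if (get_magic_quotes_gpc()) {
        $var = stripslashes($var);
    }
    // Then escape the value for use in a MySQL query
    return mysql_real_escape_string($var);
}
?>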
I've been having a problem inserting a serialized array into
a MySQL database that contained single and double quotes for
values.
ex: "quotes" => "some 'quoted'
"text""
you'd think it would be:
a:1:{s:6:"quotes";s:20:"some 'quoted'
"text"";}
as prepData function would strip the slashes.
However, what goes into the database is:
a:1:{s:6:"quotes";s:24:"some 'quoted'
"text"";}
as if there are slashes before the single and double
quotes.
Obviously on unserializing the data, there is an error, as
24 chars are expected, when there are only 20.
So, the solution I've coded for my safe insert prepData
function is:
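<?php
function prepData($var, $serialized = 0) {
    // Only strip magic-quotes slashes from plain (non-serialized) data
    if ($serialized == 0) {
        if (get_magic_quotes_gpc()) {
            $var = stripslashes($var);
        }
    }
    // Escape the value for use in a MySQL query
    return mysql_real_escape_string($var);
}
?>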
when inserting plain data from a post:
<? $data = prepData($data); ?>
for serialized data:
<? $data = prepData($data, 1); ?>
Cracked my head on this one a bit :|
Strange behaviour for serialize(), i.e. the string count counts
slashes that are not there.
----
Manual Page -- http://www.php.net/manual/en/function.serialize.php
--
PHP Notes Mailing List (http://www.php.net/)
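Added example, not part of the original note: it reproduces the length mismatch described above and compares it with stripping the slashes from each value before serialize() is called. Assumptions: PHP 7.0 or later, magic_quotes_gpc simulated with addslashes() because the setting no longer exists, and unslash() and roundTrips() are hypothetical helper names.

```php
<?php
// Constructed sample: the array from the note, as the application intends it.
$clean = ['quotes' => 'some \'quoted\' "text"'];

// Assumption: addslashes() stands in for magic_quotes_gpc, which escaped
// quotes in $_POST values before the script ever saw them.
$posted = array_map('addslashes', $clean);

// Hypothetical helper: undo magic-quotes escaping on every value, recursively.
function unslash($value) {
    return is_array($value) ? array_map('unslash', $value) : stripslashes($value);
}

// Hypothetical helper: report whether a stored string still unserializes.
// allowed_classes => false keeps unserialize() from instantiating objects.
function roundTrips(string $stored): bool {
    return $stored === 'b:0;'
        || @unserialize($stored, ['allowed_classes' => false]) !== false;
}

// 1. Serializing the slashed input: the backslashes are real bytes at this
//    point, so serialize() includes them in the string length prefix.
$slashed = serialize($posted);

// 2. The first prepData() from the note runs stripslashes() on the serialized
//    string: the payload gets shorter, the length prefix is left unchanged.
$broken = stripslashes($slashed);

// 3. Stripping each value first and serializing afterwards keeps the length
//    prefix and the payload in agreement.
$fixed = serialize(unslash($posted));

$cases = ['slashed' => $slashed, 'broken' => $broken, 'fixed' => $fixed];
foreach ($cases as $name => $s) {
    printf("%-8s %-50s %s\n", $name, $s, roundTrips($s) ? 'ok' : 'unserialize fails');
}
```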