Hi, I'm using the serialize/unserialize functions in PHP 5.2. The text to be stored is POSTed via a form. BTW, there is no white-space before or after. If the text contains " or ' it serializes successfully. The problem is that it does not unserialize back. What am I doing wrong?

A: 

When you serialize, you should use addslashes, and when you unserialize, use the stripslashes function.

Example:

if (get_magic_quotes_gpc())
{
  serialize($variable);
}
else
{
  addslashes(serialize($variable));
}

if (get_magic_quotes_gpc())
{
  stripslashes(unserialize($variable));
}
else
{
  unserialize($variable);
}
Web Logic
It didn't serialize at all.
opteronn
@Web, who told you that?
Col. Shrapnel
@Kurt: You might have magic quotes turned on; see my updated answer. Also, what error do you get, if any?
Web Logic
OMG. Even worse than before. Who told you to do addslashes?
Col. Shrapnel
Look, @Web. Why don't you run your code before posting it? The OP told you it didn't serialize at all. That's true. If you don't have enough experience to write code on the fly, just run it before posting and see if it does something or not.
Col. Shrapnel
A: 

It is probably magic quotes that is responsible for such behavior. So, to unserialize you may have to do a stripslashes() first:

if (get_magic_quotes_gpc()) $data = stripslashes($data);

Though it's almost impossible to have magic_quotes on on a 5.2 system...
To say something certain, you have to find a difference between the initial and returned data.

But anyway, why don't you use sessions instead of sending data to the browser and back? Sessions are indeed a faster and secure way.

Col. Shrapnel
I'm sorry, I forgot to say that the text to be serialized is ARRAY_ASSOCIATIVE. (Probably) because of this the STRIPSLASHES function does not work.
opteronn
All data is stored in files in serialized format. SESSIONS does not cut it.
opteronn
I'm sorry, @Kurt, but stripslashes has NOTHING to do with arrays. It works with strings. And it always works. Anyway, magic quotes is just a guess, and to tell you something certain, you have to find a difference between the initial and returned data. Or at least bring both strings here.
Col. Shrapnel
Magic quotes is on. When I do print_r the data is correct (I mean the initial data and the returned data are the same). But when I unserialize, that does not work.
opteronn
@Kurt if returned data is the same, serialize **would** work. Period. You have to watch better.
Col. Shrapnel
Serialize is working, unserialize is not. I know it's strange.
opteronn
Most likely it's because of magic quotes, if you admit it's on. At least you have to realize that no one can do your job for you. Try to do something sensible, not just repeat the same "not working".
Col. Shrapnel
It's over because there is no real explanation. I just answered to be sensible because you tried hard to help me. (You wrote "serialize would work" and I said it works.) Thank you, man.
opteronn
A: 

Hello,

Adding slashes to quotes solves the problem. Have a look at my code: http://codepad.org/7JWa2BT6

Puneet Pugalia
Wrong comment. I had escaped the variables before forming the array, hence adding slashes worked. The serialized string should be escaped, not the reverse.
Puneet Pugalia
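
The failure discussed in this thread, as an added example that is not part of any answer or comment above: a serialized string carries byte-length prefixes and quote delimiters, so escaping it after serialization makes unserialize() fail until stripslashes() is applied to the string first. The helpers simulate_magic_quotes() and unserialize_posted() are hypothetical names, the sample array is constructed, and the allowed_classes option assumes PHP 7.0 or later.

```php
<?php
// Added example; every value below is constructed for illustration.

// Stand-in for magic_quotes_gpc, which escaped ' " \ and NUL in each POSTed string.
function simulate_magic_quotes($raw)
{
    return addslashes($raw);
}

// Hypothetical helper: undo the escaping on the raw string, then unserialize.
// Returns array($ok, $value) so a stored boolean false is not mistaken for failure.
function unserialize_posted($posted, $magicQuotesOn)
{
    if ($magicQuotesOn) {
        // stripslashes() works on the string, so it has to run before unserialize().
        $posted = stripslashes($posted);
    }
    // allowed_classes => false (PHP 7.0+) keeps a string that has passed through
    // the browser from instantiating objects.
    $value = @unserialize($posted, array('allowed_classes' => false));
    $ok    = ($value !== false || $posted === serialize(false));
    return array($ok, $value);
}

// An associative array whose values contain both quote characters.
$original   = array('title' => 'He said "hi"', 'note' => "it's fine");
$serialized = serialize($original);

// What the script receives when the serialized string comes back through a form
// with magic quotes on: every quote, including the format's own delimiters, is escaped.
$posted = simulate_magic_quotes($serialized);
echo "serialized: $serialized\n";
echo "as posted:  $posted\n";

// 1. Unserializing the escaped string: the parser meets a backslash where the
//    opening quote of the first string should be.
echo "escaped string parses: ";
var_dump(@unserialize($posted) !== false);

// 2. stripslashes() wrapped around unserialize() runs after the parse has failed.
echo "stripslashes(unserialize()) recovers data: ";
var_dump(stripslashes(@unserialize($posted)) === $serialized);

// 3. stripslashes() on the string first restores the bytes that were serialized.
list($ok, $value) = unserialize_posted($posted, true);
echo "stripslashes() then unserialize() round-trips: ";
var_dump($ok && $value === $original);
```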