[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1306
  • Last Modified:

php serialize array, insert database, error when unserialize

Hi,

I am using "serialize" before I insert the $_POST variables into a database.

I can put it in the db, get it back, unserialize and have a copy if the array as I put it in.

There is a problem when I use quotes.

When I have a quote in the form, it will go into the database, but when I try to
get it back and unserialize, but there is an error in the following code.

The error message is "Warning: Invalid argument supplied for foreach()".

When
$row = a:11:{s:11:"contactName";s:9:"test name";s:15:"contactAddress1";s:12:"test address";s:11:"contactCity";s:9:"test city";s:12:"contactState";s:13:"Please Select";s:10:"contactZip";s:0:"";s:13:"contactPhone1";s:0:"";s:13:"contactPhone2";s:0:"";s:13:"contactPhone3";s:0:"";s:12:"contactEmail";s:0:"";s:18:"contactAddComments";s:0:"";s:6:"submit";s:6:"Submit";}

it will work.

When
$row = a:11:{s:11:"contactName";s:18:"test with quo'tes";s:15:"contactAddress1";s:0:"";s:11:"contactCity";s:0:"";s:12:"contactState";s:13:"Please Select";s:10:"contactZip";s:0:"";s:13:"contactPhone1";s:0:"";s:13:"contactPhone2";s:0:"";s:13:"contactPhone3";s:0:"";s:12:"contactEmail";s:0:"";s:18:"contactAddComments";s:0:"";s:6:"submit";s:6:"Submit";}

it will get the error.

      while ($row = mysql_fetch_array($dbresult))
      {            
            foreach ($row as $key => $val) {
                        $tmp[$key] = $val;
                }

      $tmpArray=unserialize($tmp[body]);

      foreach ($tmpArray as $key1 => $val1) {
      print "$key2 = $val1";            
      }
0
jackjohnson44
Asked:
jackjohnson44
1 Solution
 
Diablo84Commented:
have you tried adding stripslashes

$tmpArray=unserializestripslashes(($tmp['body']));
0
 
Diablo84Commented:
or rather

$tmpArray=unserialize(stripslashes($tmp['body']));
0
 
_GeG_Commented:
or use this as the first line of you PHP code:
set_magic_quotes_runtime(0);
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
RoonaanCommented:
Doesn't unserialize itself give a notice?

What db field are you using? varchar/text/blob?

Did you use addslashes(serialize($array)) on insertion?

-r-
0
 
jackjohnson44Author Commented:
this did not work
$tmpArray=unserialize(stripslashes($tmp['body']));

I don't see why it would though, there are no slashes in the serialized array

the part that is breaking it is here ->    test with quo'tes

look:
$row = a:11:{s:11:"contactName";s:18:"test with quo'tes";s:15:"contactAddress1";s:0:"";s:11:"contactCity";s:0:"";s:12:"contactState";s:13:"Please Select";s:10:"contactZip";s:0:"";s:13:"contactPhone1";s:0:"";s:13:"contactPhone2";s:0:"";s:13:"contactPhone3";s:0:"";s:12:"contactEmail";s:0:"";s:18:"contactAddComments";s:0:"";s:6:"submit";s:6:"Submit";}


I am using a field of type 'text' in the database.

I am not using add slashes when I put it in the db because magic quotes are turned on.
The data is going into the db correctly, I just can't get it back.  Slashes are added, but
when it goes in the db, they are not there any more.  look at the sample serialized array above.
0
 
InvolveITCommented:
You can replace the quotes with some combination of characters before serializing it and correct it after you have unserialized the data.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now