Justtechjobs.com Find a programming school near you






Online Campus Both


php3-list | 199903

Re: [PHP3] [HOW TO] Passing serialized data around From: auke <email protected>
Date: 03/26/99

On Thu, 25 Mar 1999, Colin Viebrock wrote:

> FYI, This is a summary of the info in the annotated manual at:
>
> http://ca.php.net/manual/function.serialize.php3
>
> It's been asked a lot lately, so I thought I'd post my findings.
>
>
>
> A) DATABASE
>
> If you are storing serialized data in a database, you need to
> serialize() the data, then addslashes(), then stick it in the DB.
>
> When you pull it out, stripslashes(), then unserialize().
>
> [Your server may be configured so the addslashes and stripslashes
> are automagically done for you.]
>

Hi,
  I've got a question about this. I'm using MySQl to store serialized
data, but I don't use AddSlashes, I use ereg_replace("'","''",...)
I've tried to use AddSlashes/StripSlashes, but it seems that this can
corrupt the data. e.g.

 Suppose you have a string $temp="a \\'string";

 Now you run addslashes, it adds a slash to both the slash and the single
quote. So the exact string inserted in the database becomes:

 "a \\\'string"

 now when you retrieve this string, mysql will already have interpreted
the slashes when you inserted this data, so the string that you retrieve
will be: "a \'string"

 As you can see running StripSlashes over this will remove the '\',
changing the string and corrupting your serialized data.

 Now, am I doing something obviously wrong here? Should I use
AddSlashes/StripSlashes in a different way?

regards,
Auke van Slooten 

--
PHP 3 Mailing List   http://www.php.net/
To unsubscribe send an empty message to php3-unsubscribe <email protected>
To subscribe to the digest list:  php3-digest-subscribe <email protected>
For help: php3-help <email protected>  Archive:  http://www.php.net/mailsearch.php3
List administrator:  zeev-list-admin <email protected>