php3-list | 199903
Date: 03/28/99
- Next message: Teguh Supriyatna: "Re: [PHP3] newbie in php.."
- Previous message: Rasmus Lerdorf: "Re: [PHP3] MySQL, PHP3 and RPMs"
- In reply to: Sascha Schumann: "Re: [PHP3] [HOW TO] Passing serialized data around"
- Next in thread: Sascha Schumann: "Re: [PHP3] [HOW TO] Passing serialized data around"
- Reply: Sascha Schumann: "Re: [PHP3] [HOW TO] Passing serialized data around"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sat, 27 Mar 1999, Sascha Schumann wrote:
> On Sat, Mar 27, 1999 at 01:09:39PM +0100, auke <email protected> wrote:
> > On Fri, 26 Mar 1999, Sascha Schumann wrote:
> >
> > > > Hi,
> > > > I've got a question about this. I'm using MySQL to store serialized
> > > > data, but I don't use AddSlashes, I use ereg_replace("'","''",...)
> > > > I've tried to use AddSlashes/StripSlashes, but it seems that this can
> > > > corrupt the data. e.g.
> > > >
> > > > Suppose you have a string $temp="a \\'string";
> > >
> > > echo $temp
> > >
> > > a \'string
> > >
> > > You are overseeing that PHP also uses slashes.
> > >
> >
> > No, I am not, this is the whole point :) I specifically made this string
> > to break the serialize/addslashes/stripslashes/unserialize chain when
> > stored in a mysql database. Because I actually had that happen once :(
>
> Well, then I suppose I must miss your point.
>
> In your previous email you said...
>
> > now when you retrieve this string, mysql will already have interpreted
> > the slashes when you inserted this data, so the string that you retrieve
> > will be: "a \'string"
>
> That is exactly the string you stored. I do not consider that to be bad.

Well, that would be all right, except you forgot that this is about using
AddSlashes/Stripslashes, and StripSlashes hasn't been applied at this
point. The next two lines in the original post are:

> As you can see running StripSlashes over this will remove the '\',
> changing the string and corrupting your serialized data.

So my point still is, that using AddSlashes/Stripslashes on serialized
data (or any unchecked string) to be inserted in a database can corrupt
your data. With normal strings the string will simply have lost a
character (namely, the '/') but with a serialized variable unserialize()
will fail.

regards,
Auke
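
The round trip discussed in this message, as an added example that is not part of the original post: it serializes the thread's `$temp` string, escapes it with `addslashes()`, and compares reading the stored value as-is against running `stripslashes()` on it. `mysql_literal_value()` is a hypothetical helper that stands in for MySQL's parsing of backslash escapes in a quoted literal (default SQL mode assumed), so no database is needed; the syntax targets current PHP rather than PHP 3.

```php
<?php
// Added example, not code from the thread.
// mysql_literal_value() is a hypothetical stand-in for the way MySQL
// interprets backslash escapes inside a quoted string literal.
function mysql_literal_value(string $literal): string
{
    // Escapes with a special meaning; any other "\x" becomes plain "x".
    $special = ['0' => "\0", 'n' => "\n", 'r' => "\r", 't' => "\t",
                'b' => "\x08", 'Z' => "\x1a", '%' => '\\%', '_' => '\\_'];
    return preg_replace_callback(
        '/\\\\(.)/s',
        function ($m) use ($special) { return $special[$m[1]] ?? $m[1]; },
        $literal
    );
}

// The string from the thread: it contains a real backslash before the quote.
$temp       = "a \\'string";
$serialized = serialize($temp);

// Write path: escape once for the SQL literal. The server consumes that
// layer of escaping while parsing the INSERT statement.
$escaped = addslashes($serialized);
$stored  = mysql_literal_value($escaped);

echo "stored value equals serialized value: ";
var_dump($stored === $serialized);

// Read path A: use the column value exactly as the database returns it.
echo "unserialize() without stripslashes() restores the string: ";
var_dump(unserialize($stored) === $temp);

// Read path B: stripslashes() on the returned value removes a backslash that
// belongs to the data, so the payload no longer matches the byte length
// recorded in the serialized header and unserialize() rejects it.
$stripped = stripslashes($stored);
echo "unserialize() after stripslashes(): ";
var_dump(@unserialize($stripped));
```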

