freelance84 Posted May 6, 2010 Share Posted May 6, 2010 Up until now I have been passing items singularly in hidden fields, but then I just realsied I could cut down my coding lines by bunching them together where possible into arrays and passing an entire array instead. My question is, are there any safety implications with sending an array as opposed to 6 or 7 individual variables? (I can't see that there would be but as I am learning i thought it best to ask) Cheers, John Quote Link to comment Share on other sites More sharing options...
phpchamps Posted May 6, 2010 Share Posted May 6, 2010 you can serialize the array and pass it and on the other page you can unserialize array.. serialize($array) and on the page where you want the values in array format you can simply unserialize it... Quote Link to comment Share on other sites More sharing options...
RichardRotterdam Posted May 6, 2010 Share Posted May 6, 2010 My question is, are there any safety implications with sending an array as opposed to 6 or 7 individual variables? If you mean using: <input name="somefield[]" /> <input name="somefield[]" /> instead of <input name="somefield1" /> <input name="somefield2" /> Then no it doesn't matter Quote Link to comment Share on other sites More sharing options...
phpchamps Posted May 6, 2010 Share Posted May 6, 2010 No i didnt mean that... check out this example.. which i have created... i am sending arrays which has multiple data ... <?php // these are the values you want to post in the hidden fields.... $array["a"] = "Foo"; $array["b"] = "Bar"; $array["c"] = "Baz"; $array["d"] = "Wom"; $str = serialize($array); // now str contains the string of that array ?> <form name="frm_test" method="post" action=""> Multiple values in the format of array to be submited :- <textarea name="txt_ar"><?php echo $str ?></textarea> <input type="submit" name="submit" value="Submit"> </form> <?php if($_POST){ print_r(unserialize($_POST['txt_ar'])); // here you are getting back the multiple values... } ?> Quote Link to comment Share on other sites More sharing options...
freelance84 Posted May 6, 2010 Author Share Posted May 6, 2010 Ok, I see how you you got all the variables into an array and serialised it and got them out again I looked on PHP manual and as per usual i'm still not much clearer on what's going on. What exactly does serialize do to the array? PHP manual says Returns a string containing a byte-stream representation of value that can be stored anywhere. Does this mean it converts it to 1's and 0's or something (that probably sounds pretty dum but PHP manual could elaborate a little)? Also what is the purpose of this? Why not just post the array without serializing? Quote Link to comment Share on other sites More sharing options...
phpchamps Posted May 6, 2010 Share Posted May 6, 2010 As arrays are complex data types, you cannot see their contents directly. If you try printing out the value of an array, you will see PHP just outputs "Array", which means that passing the value of an array through a link requires a lot of work. Luckily, PHP comes to the rescue with four functions that do all the hard work for you: serialize(), unserialize(), urlencode(), and urldecode(). Serialize() converts an array, given as its only parameter, into a normal string that you can save in a file, pass in a URL, etc. Unserialize() is the opposite of serialize() - it takes a serialize()d string and converts it back to an array. Quote Link to comment Share on other sites More sharing options...
freelance84 Posted May 6, 2010 Author Share Posted May 6, 2010 I see. http://en.wikipedia.org/wiki/Byte_stream It does sound interesting and I would like to understand it a little more of the bg but I think your explanation will do for now until I become a little more au fait with it. Thanks Quote Link to comment Share on other sites More sharing options...
freelance84 Posted May 6, 2010 Author Share Posted May 6, 2010 $details = serialize($ent); All the variables in the array $ent have already been through security measures as some are a result of user input...etc. Therefore when $details is sent in a hidden field in a form, does the receiving page have to put the $details through any security measures? Or do you have to unserialize($ent) first then run security on the array afterwards? Or, is there no need to run security in $details? ***************** I have tried to use the serialize: $ent = array(); #$student[0]=ent number #$student[1]=sur #$student[2]=1st #$student[3]=2nd #$student[4]=3rd #$student[5]=ttl #$student[6]=gdr #$student[7]=chfme $ent_details = serialize($ent); The above to serialize the array The the following to get it all back out in another page: $b = get_post('ent_details'); echo "<br/>var b="; print_r(unserialize($b)); This results in the following error: Notice: unserialize() [function.unserialize]: Error at offset 9 of 13 bytes in S:\000 Testing\view_posts.php on line 44 Quote Link to comment Share on other sites More sharing options...
freelance84 Posted May 6, 2010 Author Share Posted May 6, 2010 appolgise the section of code to get the array back out was incorrect in the 2nd block and should have looked like: echo "<br/>var b="; print_r(unserialize($_POST['student_details'])); Quote Link to comment Share on other sites More sharing options...
mattal999 Posted May 6, 2010 Share Posted May 6, 2010 $student = array(); #$student[0]=ent number #$student[1]=sur #$student[2]=1st #$student[3]=2nd #$student[4]=3rd #$student[5]=ttl #$student[6]=gdr #$student[7]=chfme $student_details = serialize($student); This won't do anything, as you have commented out (or messed up) the assignments. Should be: $student = array(); $student[0] = "ent number"; $student[1] = "sur"; $student[2] = "1st"; $student[3] = "2nd"; $student[4] = "3rd"; $student[5] = "ttl"; $student[6] = "gdr"; $student[7] = "chfme"; $student_details = serialize($student); Quote Link to comment Share on other sites More sharing options...
freelance84 Posted May 6, 2010 Author Share Posted May 6, 2010 apologies, but the #'s are just to remind me what each place in the array is: Please ignore them. The actual array is fine and the contents of which come from an array_push within an 'if' statement Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.