safe to send an arrary

[freelance84]

Up until now I have been passing items singularly in hidden fields, but then I just realsied I could cut down my coding lines by bunching them together where possible into arrays and passing an entire array instead.

 

My question is, are there any safety implications with sending an array as opposed to 6 or 7 individual variables?

(I can't see that there would be but as I am learning i thought it best to ask)

 

Cheers,

 

John

[phpchamps]

you can serialize the array and pass it and on the other page you can unserialize array..

 

serialize($array)

 

and on the page where you want the values in array format you can simply unserialize it...

[RichardRotterdam]

My question is, are there any safety implications with sending an array as opposed to 6 or 7 individual variables?

If you mean using:

<input name="somefield[]" />
<input name="somefield[]" />

instead of

<input name="somefield1" />
<input name="somefield2" />

 

Then no it doesn't matter

[phpchamps]

No i didnt mean that... check out this example.. which i have created... i am sending arrays which has multiple data ...

 

<?php

// these are the values you want to post in the hidden fields....
$array["a"] = "Foo";
$array["b"] = "Bar";
$array["c"] = "Baz";
$array["d"] = "Wom";
$str = serialize($array);

// now str contains the string of that array
?>
<form name="frm_test" method="post" action="">
Multiple values in the format of array to be submited :- <textarea name="txt_ar"><?php echo $str ?></textarea>
<input type="submit" name="submit" value="Submit">
</form>

<?php
if($_POST){
print_r(unserialize($_POST['txt_ar']));
// here you are getting back the multiple values...
}

?>

[freelance84]

Ok, I see how you you got all the variables into an array and serialised it and got them out again

 

I looked on PHP manual and as per usual i'm still not much clearer on what's going on.

 

What exactly does serialize do to the array?

 

PHP manual says

Returns a string containing a byte-stream representation of value that can be stored anywhere.

 

Does this mean it converts it to 1's and 0's or something (that probably sounds pretty dum but PHP manual could elaborate a little)?

 

Also what is the purpose of this? Why not just post the array without serializing?

[phpchamps]

As arrays are complex data types, you cannot see their contents directly. If you try printing out the value of an array, you will see PHP just outputs "Array", which means that passing the value of an array through a link requires a lot of work. Luckily, PHP comes to the rescue with four functions that do all the hard work for you: serialize(), unserialize(), urlencode(), and urldecode().

 

Serialize() converts an array, given as its only parameter, into a normal string that you can save in a file, pass in a URL, etc. Unserialize() is the opposite of serialize() - it takes a serialize()d string and converts it back to an array.

[freelance84]

I see.

 

http://en.wikipedia.org/wiki/Byte_stream

 

It does sound interesting and I would like to understand it a little more of the bg but I think your explanation will do for now until I become a little more au fait with it.

 

 

Thanks 

[freelance84]

$details = serialize($ent);

 

All the variables in the array $ent have already been through security measures as some are a result of user input...etc.

 

Therefore when $details is sent in a hidden field in a form, does the receiving page have to put the $details through any security measures?

 

Or do you have to unserialize($ent) first then run security on the array afterwards?

 

Or, is there no need to run security in $details?

 

 

*****************

 

I have tried to use the serialize:

$ent = array();
		#$student[0]=ent number
		#$student[1]=sur
		#$student[2]=1st
		#$student[3]=2nd
		#$student[4]=3rd
		#$student[5]=ttl
		#$student[6]=gdr
		#$student[7]=chfme
$ent_details = serialize($ent);

The above to serialize the array

 

The the following to get it all back out in another page:

$b = get_post('ent_details');
echo "<br/>var b=";
print_r(unserialize($b));

 

This results in the following error:

Notice: unserialize() [function.unserialize]: Error at offset 9 of 13 bytes in S:\000 Testing\view_posts.php on line 44

[freelance84]

appolgise the section of code to get the array back out was incorrect in the 2nd block and should have looked like:

echo "<br/>var b=";
print_r(unserialize($_POST['student_details']));

[mattal999]

$student = array();
		#$student[0]=ent number
		#$student[1]=sur
		#$student[2]=1st
		#$student[3]=2nd
		#$student[4]=3rd
		#$student[5]=ttl
		#$student[6]=gdr
		#$student[7]=chfme
$student_details = serialize($student);

This won't do anything, as you have commented out (or messed up) the assignments.

 

Should be:

 

$student = array();
$student[0] = "ent number";
$student[1] = "sur";
$student[2] = "1st";
$student[3] = "2nd";
$student[4] = "3rd";
$student[5] = "ttl";
$student[6] = "gdr";
$student[7] = "chfme";
$student_details = serialize($student);

[freelance84]

apologies, but the #'s are just to remind me what each place in the array is: Please ignore them.

 

The actual array is fine and the contents of which come from an array_push within an 'if' statement