Up until now I have been passing items singularly in hidden fields, but then I just realised I could cut down my coding lines by bunching them together where possible into arrays and passing an entire array instead.

My question is, are there any safety implications with sending an array as opposed to 6 or 7 individual variables?

(I can't see that there would be, but as I am learning I thought it best to ask)

Cheers,

John


My question is, are there any safety implications with sending an array as opposed to 6 or 7 individual variables?

If you mean using:

<input name="somefield[]" />
<input name="somefield[]" />

instead of

<input name="somefield1" />
<input name="somefield2" />

Then no, it doesn't matter.

No, I didn't mean that... check out this example, which I have created... I am sending arrays which have multiple data...

<?php

// These are the values you want to post in the hidden fields.
$array = array();
$array["a"] = "Foo";
$array["b"] = "Bar";
$array["c"] = "Baz";
$array["d"] = "Wom";
$str = serialize($array);

// $str now contains the string representation of that array.
?>
<form name="frm_test" method="post" action="">
Multiple values in the format of array to be submitted :- <textarea name="txt_ar"><?php echo htmlspecialchars($str); ?></textarea>
<input type="submit" name="submit" value="Submit">
</form>

<?php
if (isset($_POST['txt_ar'])) {
    // The posted string is fully under the client's control, so refuse to
    // instantiate any objects while decoding it (option available since PHP 7.0).
    print_r(unserialize($_POST['txt_ar'], ['allowed_classes' => false]));
    // Here you get the multiple values back.
}

?>

Ok, I see how you got all the variables into an array and serialised it and got them out again.

I looked on PHP manual and as per usual I'm still not much clearer on what's going on.

What exactly does serialize do to the array?

PHP manual says:

Returns a string containing a byte-stream representation of value that can be stored anywhere.

Does this mean it converts it to 1's and 0's or something (that probably sounds pretty dumb but PHP manual could elaborate a little)?

Also what is the purpose of this? Why not just post the array without serializing?

As arrays are complex data types, you cannot see their contents directly. If you try printing out the value of an array, you will see PHP just outputs "Array", which means that passing the value of an array through a link requires a lot of work. Luckily, PHP comes to the rescue with four functions that do all the hard work for you: serialize(), unserialize(), urlencode(), and urldecode().

Serialize() converts an array, given as its only parameter, into a normal string that you can save in a file, pass in a URL, etc. Unserialize() is the opposite of serialize() - it takes a serialize()d string and converts it back to an array.

$details = serialize($ent);

All the variables in the array $ent have already been through security measures as some are a result of user input...etc.

Therefore when $details is sent in a hidden field in a form, does the receiving page have to put the $details through any security measures?

Or do you have to unserialize($ent) first then run security on the array afterwards?

Or, is there no need to run security in $details?

*****************

I have tried to use the serialize:

$ent = array();
		#$student[0]=ent number
		#$student[1]=sur
		#$student[2]=1st
		#$student[3]=2nd
		#$student[4]=3rd
		#$student[5]=ttl
		#$student[6]=gdr
		#$student[7]=chfme
$ent_details = serialize($ent);

The above to serialize the array

Then the following to get it all back out in another page:

$b = get_post('ent_details');
echo "<br/>var b=";
print_r(unserialize($b));

This results in the following error:

Notice: unserialize() [function.unserialize]: Error at offset 9 of 13 bytes in S:\000 Testing\view_posts.php on line 44

$student = array();
		#$student[0]=ent number
		#$student[1]=sur
		#$student[2]=1st
		#$student[3]=2nd
		#$student[4]=3rd
		#$student[5]=ttl
		#$student[6]=gdr
		#$student[7]=chfme
$student_details = serialize($student);

This won't do anything, as you have commented out (or messed up) the assignments.

Should be:

$student = array();
$student[0] = "ent number";
$student[1] = "sur";
$student[2] = "1st";
$student[3] = "2nd";
$student[4] = "3rd";
$student[5] = "ttl";
$student[6] = "gdr";
$student[7] = "chfme";
$student_details = serialize($student);
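
On the hidden-field question raised earlier in the thread: anything placed in a form comes back under the client's control, so the receiving page has to check it again no matter how it was packed. The following is an added example, not code from any poster in the thread, that carries the array as JSON with an HMAC tag and rejects a value that was changed in transit; `APP_SECRET`, `pack_field()`, `unpack_field()`, the field name and the sample values are all hypothetical.

```php
<?php
// Added example (not from the thread). APP_SECRET is a placeholder; keep the
// real key server-side only, e.g. in configuration outside the web root.
const APP_SECRET = 'replace-with-a-long-random-server-side-key';

// Encode an array for a hidden field as base64(JSON) plus an HMAC-SHA256 tag.
function pack_field(array $data): string
{
    $json = base64_encode(json_encode($data, JSON_THROW_ON_ERROR));
    return $json . '.' . hash_hmac('sha256', $json, APP_SECRET);
}

// Return the array, or null if the value is malformed or was modified.
function unpack_field(string $field): ?array
{
    $parts = explode('.', $field);
    if (count($parts) !== 2) {
        return null;
    }
    [$json, $tag] = $parts;
    $expected = hash_hmac('sha256', $json, APP_SECRET);
    if (!hash_equals($expected, $tag)) {   // constant-time comparison
        return null;
    }
    $raw = base64_decode($json, true);
    if ($raw === false) {
        return null;
    }
    // json_decode() in array mode yields arrays and scalars only, never objects.
    $data = json_decode($raw, true);
    return is_array($data) ? $data : null;
}

// Constructed sample data, laid out like the thread's $student array.
$student = ['1001', 'Smith', 'John', 'A', 'B', 'Mr', 'M', 'x'];
$field = pack_field($student);
echo '<input type="hidden" name="student_details" value="'
    . htmlspecialchars($field, ENT_QUOTES) . '">' . "\n";

// Receiving page: in a real form this value would come from $_POST.
var_dump(unpack_field($field) === $student);   // value returned unchanged
$altered = base64_encode(json_encode(['9999'])) . substr($field, strpos($field, '.'));
var_dump(unpack_field($altered));              // payload changed, tag no longer matches
```

The tag only proves the value was not changed; the client can still read it and send an old copy again, so anything secret or single-use belongs in `$_SESSION` instead. Each element should still be validated after decoding, exactly as it was when first received from the user.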
