serialize

[freelance84]

Ok my previous post on this issue began to get a bit ugly (http://www.phpfreaks.com/forums/index.php/topic,297061.0.html).

 

So, I've typed out a simple version of the problem:

 

<?php
$test= array('pig1','pig2','pig3');
$test_s = serialize($test);

echo <<<_END
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>DeRep - Class Reports</title>
<link href="css styles.css" rel="stylesheet" type="text/css" />
</head>

<body>
<form action="test2.php" method="post">
<input type="hidden" name="test_s" value="$test_s" />
<button id="button-submit_4"  name="view" type="submit">view</button>
</form>
</body>

</html>
_END;
?>

 

The above is a simple test of the serialize($array)

 

The above page sends the data to the following php:

<?php
if($_POST){
print_r(unserialize($_POST['test_s']));
}
?>

 

However the result is:

Notice: unserialize() [function.unserialize]: Error at offset 9 of 13 bytes in S:\000 Testing\learn\test2.php on line 3

 

Any help here would be very much appreciated. I'm guessing I've made some glaringly obvious mistake somewhere.

 

N.B I am testing php with "EasyPHP 3.0"

[litebearer]

as an experiment, try sending it via a session variable rather than a post variable

[freelance84]

It works in a $_SESSION and prints the following:

Array ( [ 0] => pig1 [1] => pig2 [2] => pig3 )

 

I did the following:

test1.php

<?php
$test= array('pig1','pig2','pig3');
$test_s = serialize($test);

session_start();
$_SESSION['ID'] = $test_s;
echo "<a href=\"test2.php\">go</a>";
?>

 

test2.php

<?php
session_start();
$u = $_SESSION['ID'];

print_r(unserialize($u));
?>

 

 

Why doesn't it work through POST? 

 

Also, is it not best to keep all SESSION data for the login?

[kenrbnsn]

Why doesn't it work through POST?

It doesn't work via POST because the serialized value has double quotes in it which are terminating the value in the HTML. This can be seen if you show the source. There are two ways to fix this, either use single quotes:

<?php
echo <<<_END
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>DeRep - Class Reports</title>
<link href="css styles.css" rel="stylesheet" type="text/css" />
</head>

<body>
<form action="test2.php" method="post">
<input type="hidden" name="test_s" value='$test_s' />
<button id="button-submit_4"  name="view" type="submit">view</button>
</form>
</body>

</html>
_END;
?>

which would break if there are single quotes in the array, or use urlencode on the value before passing it and urldecode in the processing file.

 

Ken

[iblood]

function __unserialize($sObject) {
		$__ret =preg_replace('!s:(\d+):"(.*?)";!e', "'s:'.strlen('$2').':\"$2\";'", $sObject );
		return unserialize($__ret);
	}

may be this could help..

used that to solve me problem same as yours.. found that on php.net but i forgotthe exact link

[freelance84]

Ah right thanks!   

 

I'll give that a shot when I get back round to it.