Hi everyone,

 

I'm working on an app and I'm running into a little problem with unserialize() and the mysql data that I've previously serialize()d. The way the app works is it takes form data and converts this data into an array, then I used serialize() to convert it into something I could put in my database. Now I want to get the serialized data out of the database, and back into an array, so I can use it. The data is in the database, and I can print it out without un-serializing it, but when I try to convert the data back to an array it just prints a blank page.

 

When the data is submitted to the database:

//Placeholder Array
$placeholders = array("=", "--", "<b>", "</b>", "<i>", "</i>", "<blockquote>", "</blockquote>", "_", " ");

//replace array
$replacevals = array("", "", "[b]", "[/b]", "[i]", "[/i]", "[blockquote]", "[/blockquote]", "", "");

$ingr = serialize(explode("\n", addslashes(htmlentities(str_replace($placeholders, $replacevals, $_POST['ingredients'])))));

 

Data from the database:

$test = unserialize(html_entity_decode($ingr));

print $test;

 

Result is a blank page. I've been googling for a couple of hours now and I can't figure out what I'm doing wrong. If anyone can give me some help finding what I'm doing wrong it would be much appreciated!

What does unserialize return? Check it with === false, as that would indicate the way you store or retrieve the data is not valid...

 

The addslashes seems misplaced if it is meant to make the data valid for an SQL query; then you should use mysql_escape_string on the whole string, not on each line.

 

Something like


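$placeholders = array("=", "--", "<b>", "</b>", "<i>", "</i>", "<blockquote>", "</blockquote>", "_", " ");
$replacevals = array("", "", "[b]", "[/b]", "[i]", "[/i]", "[blockquote]", "[/blockquote]", "", "");

$ingredients = $_POST['ingredients'];  // You need to clean this data

// Serialize first, then escape the whole serialized string for the query
$ingr = serialize(explode("\n", htmlentities(str_replace($placeholders, $replacevals, $ingredients))));
mysql_query("INSERT INTO tablename (columnname) VALUES('".mysql_escape_string($ingr)."');");

// Fetch from the query result, not from the column name
$result = mysql_query("SELECT columnname FROM tablename;");
$row = mysql_fetch_assoc($result);

// Unserialize the stored string untouched; decoding entities first would
// change string lengths and invalidate the s:N: prefixes
$test = unserialize($row['columnname']);
if ($test === false) {
    die('unserialize failed');
}
$test = array_map('html_entity_decode', $test);
print_r($test);  // print on an array only outputs "Array"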

 

Or perhaps I misunderstood something here. Anyway, for testing, do an unserialize right after the serialize to test it.

 

Hi Stoker,

 

Thanks for the help. If I print the data in the database without unserialize()ing it, it prints perfectly fine.

 

I see the following:

a:7:{i:0;s:49:"2 Whole breasts of chicken, cut into 1-in cubes ";i:1;s:25:"1 md Onion, sliced thick ";i:2;s:20:"1 tb Cognac or arak ";i:3;s:14:"1/2 ts Pepper ";i:4;s:23:"1/2 ts Ground cinnamon ";i:5;s:23:"1/4 ts Ground turmeric ";i:6;s:9:"1 ts Salt";}

 

When I unserialize the data in the database nothing is printed to the page. It just returns blank space.

 

You are correct about the addslashes(). I was using it to simply add backslashes before quotes.
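
Added example, not part of the original thread and not any poster's code: it shows why decoding entities on the serialized string makes unserialize() return false (the `s:N:` length prefixes no longer match the payloads), using the `=== false` check suggested above, next to a read path that decodes after unserializing. The sample input and the helper names `safe_unserialize`, `read_broken` and `read_fixed` are assumptions made for illustration; the `allowed_classes` option requires PHP 7.0 or later.

```php
<?php
// Constructed sample input standing in for $_POST['ingredients'] (not from the thread).
$input = "1 ts Salt & pepper\n2 tb \"Cognac\" or arak";

// Store side: entity-encode each line, then serialize. The s:N: length
// prefixes now count the *encoded* bytes ("&amp;" is 5 bytes, "&quot;" is 6).
$stored = serialize(array_map('htmlentities', explode("\n", $input)));

// Hypothetical helper: unserialize without instantiating objects, and
// distinguish a failed parse from a legitimately stored boolean false.
function safe_unserialize(string $data)
{
    // @ hides the notice/warning PHP emits on malformed input; the
    // return value is checked explicitly instead.
    $value = @unserialize($data, ['allowed_classes' => false]);
    if ($value === false && $data !== serialize(false)) {
        throw new UnexpectedValueException('corrupt serialized data');
    }
    return $value;
}

// Read path as in the first post: decoding entities on the serialized
// string shortens the payloads but leaves the length prefixes unchanged.
function read_broken(string $stored)
{
    return safe_unserialize(html_entity_decode($stored));
}

// Corrected read path: unserialize the untouched string, then decode each element.
function read_fixed(string $stored): array
{
    return array_map('html_entity_decode', safe_unserialize($stored));
}

try {
    read_broken($stored);
    echo "broken path: ok\n";
} catch (UnexpectedValueException $e) {
    echo "broken path: ", $e->getMessage(), "\n";
}

// An array must be dumped with print_r or var_dump; print only emits "Array".
print_r(read_fixed($stored));
```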
