Obviously your string is truncated. Also you should never attempt to unserialize user input (anything that comes from a browser) as it poses a severe security threat to your host. Use json_encode()/json_decode() if you need a safe way to serialize complex structures.
OK, so I helped them here: viewtopic.php?f=1&t=118406&start=0, but I didn't pay attention to whether it was user input or not. Also, it was a GET var at that point.
GET data must be urlencoded, but POST doesn't, so don't use urlencode(). See what that does.
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
Yes you helped me solve this a couple of days ago.
But this is really strange - because I am trying to pass the same multidimensional array in the same form, but this time to a different page. So using the same method that worked before I'm getting no output which is really puzzling.
It looks as if the variable is being truncated as suggested above. The index which should store the first line of the address ("1 High St") is being truncated after the 'g'. I'm not sure how or why though.
After playing around for a few hours and tidying up some errors which I discovered I'm now dumping the unserialized GET variable into a database. It is clear that the variable has been truncated because I get:
What is the type and length of the field in the db? Show the insert code and any code that modifies the var before the insert.
This array's data again was also truncated when received at the url_success script. Further investigation revealed that the array truncated after exactly 128 characters. This was confirmed when I checked at what point the original arrays that I was passing truncated. If I set the array above with say just 4 indexes the truncation does not occur.
robburne wrote:
This array's data again was also truncated when received at the url_success script. Further investigation revealed that the array truncated after exactly 128 characters. This was confirmed when I checked at what point the original arrays that I was passing truncated. If I set the array above with say just 4 indexes the truncation does not occur.
So does this shine any light on the problem?
Kind of. Since you're passing the data via a third party it could be that they are truncating it. At this stage I'd contact them to verify this assumption. In the meantime you can start storing the data somewhere on your server and passing some kind of identifier instead, something like this:
<?php
// cart.php
// assuming we're passing array of products
$secret = "a piece of very secret data";
// make sure your data does not exceed limits of the column data type
mysql_query('insert into PassThroughData set value="' . mysql_real_escape_string(json_encode($_SESSION['products'])) . '"');
$dataId = mysql_insert_id();
$signature = hash_hmac('sha1', $dataId, $secret);
?>
<form ........>
<input type="submit".../>
<input type="hidden" name="callback_url" value="...........?<?=http_build_query(array('to_pass' => $dataId, 'signature' => $signature))?>"/>
</form>
<?php
// success.php
$secret = "a piece of very secret data";
$_GET['to_pass'] = isset($_GET['to_pass']) ? (int) $_GET['to_pass'] : 0;
$signature = (isset($_GET['signature']) && is_string($_GET['signature'])) ? $_GET['signature'] : '';
// hash_equals() (PHP 5.6+) compares in constant time, unlike !==
if (!hash_equals(hash_hmac('sha1', (string) $_GET['to_pass'], $secret), $signature)) {
    die('Go away. Just... go.');
}
$res = mysql_query('select value from PassThroughData where id=' . $_GET['to_pass']); // sanitized by (int) cast above
list($data) = mysql_fetch_row($res);
$data = json_decode($data, true);
// $data now contains what was in $_SESSION['products'] originally
mysql_query('delete from PassThroughData where id=' . $_GET['to_pass']); // cleanup
?>
In the same form I can pass an id. Then based on the id I can query the db and retrieve the info to populate the array. However to improve efficiency I wanted to pass the session array via the form to make the code more efficient by not having to query the db.
I know I am splitting hairs here and the results are the same but wanted to get it working this way and besides I think it is good to learn where I am going wrong with this preferred method.
I have emailed the payment provider to ask if they are truncating the data passed - I will let you know.
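An added example, not part of the original thread or any poster's code: it extends the signed-id idea above to signing the JSON payload itself, so the receiving script rejects a truncated or altered value before decoding it and never calls unserialize() on request data. The function names, the use of HMAC-SHA256 instead of the thread's SHA-1, and the sample products are assumptions made for illustration; it needs PHP 7.1 or later.

```php
<?php
const SECRET = 'a piece of very secret data'; // placeholder key, as in the thread

function base64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function base64url_decode(string $txt) {
    // strict mode: returns false if a character is outside the alphabet
    return base64_decode(strtr($txt, '-_', '+/'), true);
}

// Hypothetical helper: returns "payload.signature" for a URL or hidden field.
function pack_signed(array $data, string $secret): string {
    $payload = base64url_encode(json_encode($data));
    return $payload . '.' . hash_hmac('sha256', $payload, $secret);
}

// Hypothetical helper: returns the decoded array, or null if the token is
// truncated, altered or malformed.
function unpack_signed(string $token, string $secret): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null; // separator or signature missing, e.g. cut off in transit
    }
    list($payload, $signature) = $parts;
    // Constant-time comparison; the HMAC is verified before anything is decoded.
    if (!hash_equals(hash_hmac('sha256', $payload, $secret), $signature)) {
        return null;
    }
    $json = base64url_decode($payload);
    $data = ($json === false) ? null : json_decode($json, true);
    return is_array($data) ? $data : null;
}

// Constructed sample data, not taken from the thread.
$products = array(
    array('name' => 'Widget', 'qty' => 2, 'address' => '1 High St'),
    array('name' => 'Gadget', 'qty' => 1, 'address' => '22 Station Road'),
);
$token = pack_signed($products, SECRET);

var_dump(unpack_signed($token, SECRET) === $products);   // intact token
var_dump(unpack_signed(substr($token, 0, 128), SECRET)); // cut at 128 characters
var_dump(unpack_signed($token . 'x', SECRET));           // signature altered
```

The payload is signed, not encrypted, so the browser can still read it. If a third party cuts the token short, unpack_signed() returns null instead of partial data, which makes the truncation visible rather than silent.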