how to send a serialized object via post in a form?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
jasongr
Forum Contributor
Posts: 206
Joined: Tue Jul 27, 2004 6:19 am

how to send a serialized object via post in a form?

Post by jasongr »

Hello

I would like to serialize an object of one of my custom classes and send it (as a serialized string) to another page and then to deserialize it and reuse the object.

I am using the serialize() function to generate a string representation of the object.
The problem is that I am having a problem deserializing it back.
It seems as if the format of the string was modified when send it via post.

Do I need to take care of some special characters that might appear in the serialized string? if so what transformation should I run the string through before sending it via a post form?

regards
Jason
Draco_03
Forum Regular
Posts: 577
Joined: Fri Aug 15, 2003 12:25 pm
Location: Montreal, Canada

Post by Draco_03 »

Quote from php.net

The cookie mechanism for the webserver adds the slashes automatically. instead of just dumping strings into the cookie, make sure you base64_encode them first - to protect the cookie's content from escape characters.

Of course, this means that when retrieving the cookie, you'll need to base64_decode the string.
jasongr
Forum Contributor
Posts: 206
Joined: Tue Jul 27, 2004 6:19 am

Post by jasongr »

what cookie are you refering to?
I am talking about sending the serialized object as part of a POST form.
I would like generate the following form:

Code: Select all

<form name="name" target="_blank" method="POST" action="page.php">
 <input type="submit" value="Click here">
 <input type="hidden" name="object" value='<?php print $serializedObject; ?>'>
</form>
when the user will click the button, the form will send to page.php where I will unserialize the content of the $_POST['object'] variable
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

use sessions to pass the object.
User avatar
protokol
Forum Contributor
Posts: 353
Joined: Fri Jun 21, 2002 7:00 pm
Location: Cleveland, OH
Contact:

Post by protokol »

If you want to send the object via post, then [php_man]serialize[/php_man] it. This will make a string version of the object. Then when you want to use it on the page you POST to, just [php_man]unserialize[/php_man] it.

If you want to use a [php_man]session[/php_man] then just assign the object to a session variable. This will automagically take care of serialization and unserialization on each page you use it.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

and with sessions, they don't have an easy time modifying anything they want in your internal objects..
jasongr
Forum Contributor
Posts: 206
Joined: Tue Jul 27, 2004 6:19 am

Post by jasongr »

The problem is that I cannot use sessions.
My application must be cluster safe so I am not using sessions at all

I will use base64_encode to encode the serialized string before passing it to the form and base64_decode to decode it back before unserializing it.

could there be a chance that the object will not be unserialized correctly?
User avatar
protokol
Forum Contributor
Posts: 353
Joined: Fri Jun 21, 2002 7:00 pm
Location: Cleveland, OH
Contact:

Post by protokol »

Nah, just make sure that you unserialize and decode in the opposite order that you serialize and encode.

Code: Select all

$o = new Object();
$s = serialize($o);
$e = base64_encode($s);

// blah blah

$d = base64_decode($e);
$u = unserialize($d);
Last edited by protokol on Wed Aug 18, 2004 3:15 am, edited 1 time in total.
jasongr
Forum Contributor
Posts: 206
Joined: Tue Jul 27, 2004 6:19 am

Post by jasongr »

Yes, that did the trick
Post Reply