We have a session management class which actually stores session variables/objects into MySQL. We have recently been having some problems while storing... We are in doubt whether objects have to be escaped before they are stored into the database. We suspect some objects can have special characters in them.
My question is:
1. Do objects need to be escaped?
2. If yes, how do I escape them?
Thanks...
should objects be escaped before stored into DB??
- raghavan20
- DevNet Resident
- Posts: 1451
- Joined: Sat Jun 11, 2005 6:57 am
- Location: London, UK
- Contact:
We have tried to escape a session object by serializing it and running it through mysqli_real_escape_string; it yields this..
I do not know where this \0 comes from instead of \
feyd, my doubt is... let us assume an object,
object(
name => o'reilly,
city => gloucester
)
When you try to store an object like that into the DB, do you expect it not to give problems?
When you tried to run that query from the PHP script, part of the value is stored in the DB.
Code:
INSERT INTO session_variable (session_id,variable_name,value) VALUES ('$rb94Za}%tA?_OsGu7_9~R}X3C5LN%OsAukiwxL?^V[K6bO$QTp19xK?^U$qm6bc0.23333000 1141726915','UserObj','O:10:\"OnlineUser\":9:{s:18:\"\0OnlineUser\0obj_id\";s:1:\"1\";s:16:\"\0OnlineUser\0name\";s:4:\"Test\";s:17:\"\0OnlineUser\0email\";s:15:\"test@test.co.uk\";s:26:\"\0OnlineUser\0receive_offers\";s:1:\"1\";s:35:\"\0OnlineUser\0receive_recommendations\";s:1:\"0\";s:18:\"\0OnlineUser\0status\";s:1:\"1\";s:21:\"\0OnlineUser\0more_info\";s:0:\"\";s:24:\"\0OnlineUser\0privelege_id\";s:1:\"2\";s:20:\"\0OnlineUser\0password\";N;}')
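
Where the \0 comes from and how to store the value without manual escaping, as an added example that is not part of the original thread: PHP's serialize() writes each private property as NUL + class name + NUL + property name, and mysqli_real_escape_string encodes every NUL byte as \0. The OnlineUser class below is a reduced, hypothetical version of the one in the post, and in-memory SQLite through PDO is an assumed stand-in for MySQL so the script runs offline; binding parameters with mysqli or PDO MySQL follows the same pattern.

```php
<?php
// Added example: OnlineUser is a reduced, hypothetical version of the class
// in the post; in-memory SQLite stands in for MySQL so this runs offline.
class OnlineUser
{
    private $name;
    private $city;

    public function __construct(string $name, string $city)
    {
        $this->name = $name;
        $this->city = $city;
    }

    public function getName(): string
    {
        return $this->name;
    }
}

$blob = serialize(new OnlineUser("o'reilly", 'gloucester')); // constructed sample

// serialize() stores a private property as NUL + class + NUL + property, so
// the string holds real NUL bytes; print them as \0 to make them visible.
echo str_replace("\0", '\0', $blob), PHP_EOL;
echo 'NUL bytes: ', substr_count($blob, "\0"), PHP_EOL;

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE session_variable (session_id TEXT, variable_name TEXT, value BLOB)');

// Bound parameters are sent apart from the SQL text, so neither the quote in
// o'reilly nor the NUL bytes need manual escaping.
$insert = $pdo->prepare('INSERT INTO session_variable
                         (session_id, variable_name, value) VALUES (?, ?, ?)');
$insert->bindValue(1, 'sample-session-id');   // constructed placeholder
$insert->bindValue(2, 'UserObj');
$insert->bindValue(3, $blob, PDO::PARAM_LOB); // binary-safe binding
$insert->execute();

$select = $pdo->prepare('SELECT value FROM session_variable
                         WHERE session_id = ? AND variable_name = ?');
$select->execute(['sample-session-id', 'UserObj']);
$stored = $select->fetchColumn();

var_dump($stored === $blob); // compare the stored bytes with the original
// Limit unserialize() to the one class this column is expected to hold.
$restored = unserialize($stored, ['allowed_classes' => [OnlineUser::class]]);
echo $restored->getName(), PHP_EOL;
```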