Page 1 of 1

[solved] (un)serialize()

Posted: Wed Dec 20, 2006 11:27 pm
by pickle
I'm having problems unserializing() a string I've got. The string in the database looks like so:

Code: Select all

a:1:{s:8:"contents";s:392:"<table width="200" cellspacing="1" cellpadding="1" border="1" align="" summary="">
    <tbody>
        <tr>
            <td>&nbsp;</td>
            <td>&nbsp;</td>
        </tr>
        <tr>
            <td>&nbsp;</td>
            <td>&nbsp;</td>
        </tr>
        <tr>
            <td>&nbsp;</td>
            <td>&nbsp;</td>
        </tr>
    </tbody>
</table>";}
When I retrieve that string from the DB & unserialize it, the resulting array is empty - in fact it doesn't even exist. Outputing the results of unserialize() get me nothing.
However, when I take that string & store it just as a string, throw it in an array, serialize() it, & unserialize() it, everything looks ok.

So, unserializing is only giving me a problem when I'm pulling the string out of the database. However, outputing the result of mysql_fetch_assoc() yields me the serialized array, with the table embedded inside it.

Please tell me I'm missing something painfully obvious.

FYI: the code I'm using to pull the data out of the db is:

Code: Select all

      $query = <<<SQL
SELECT
  *
FROM
  pages
WHERE
  id = '$this->page_id'
SQL;
      $result = $this->DB->execute($query,'retrieving page properties');
      $row = $this->DB->getData($result);
      $this->contents = unserialize($row['contents']);
- $this->DB is my mysql-wrapper object
- $this->DB->execute() is a wrapper for mysql_query();
- $this->DB->getData() is a wrapper for mysql_fetch_assoc();

Posted: Thu Dec 21, 2006 1:26 am
by jmut
what is the original string/array you are trying to put serialized in db...maybe we could try it out also.
Stab in the dark...maybe some stuff is parsed by the browser...and you think it is not there ....use show source in FF or maybe do all stuff through cli to see the real output

Posted: Thu Dec 21, 2006 9:43 am
by pickle
The original array looks like:

Code: Select all

Array{
['contents']=>'<table width="200" cellspacing="1" cellpadding="1" border="1" align="" summary="">
    <tbody>
        <tr>
            <td>&nbsp;</td>
            <td>&nbsp;</td>
        </tr>
        <tr>
            <td>&nbsp;</td>
            <td>&nbsp;</td>
        </tr>
        <tr>
            <td>&nbsp;</td>
            <td>&nbsp;</td>
        </tr>
    </tbody>
</table>'
)
The reason I think nothing's being output is because usually when you call print_r() on an array, it always prints out the Array(... part - even if the arrays empty. I'm not even getting that.

Posted: Thu Dec 21, 2006 10:29 am
by aaronhall
Post the code that defines the array before being serialized

Posted: Thu Dec 21, 2006 10:42 am
by Ollie Saunders
Is your database using a Unicode encoding by any chance? It could be a BOM. Try something like this:

Code: Select all

var_dump(strlen($serializedArray) == strlen($serializedArrayFromDb));
obviously you should get true but if you don't that tells you something.

Posted: Thu Dec 21, 2006 11:22 am
by pickle
~ole - you were kind of right. It actually had nothing to do with the encoding, but it did have to do with string length. I forgot to check if magic quotes were enabled (something I almost always check). What was happening was quotes were being added to the string, which was then added to the array. When serialized, the length of the field was counted including the back slashes. However, once it was thrown in the database, the slashes were taken off, thereby making the length of the data shorter than what the serialized version of the array said it was.

Removing the escaping slashes worked perfectly.

Thanks for everyone's help. Your attention was appreciated.

Posted: Mon Feb 26, 2007 10:06 pm
by jonathant
I'm having a similar problem, with the serialized strings not being the same length when apostrophes are used. Magic quotes is turned on, but I don't see any visible backslashes in the string or array. Does that matter? This is what my code is doing:

Code: Select all

foreach ($_POST as $key => $value) {
   $array[]=$value;
}

$array=serialize($array);

// code to insert into db
When I unserialize I get "error at offset ..." errors where $_POST had an apostrophe. When I stripslashes before adding the value to the array it completely removes everything behind the apostrophe. When I add slashes it only increases the difference between the actual string length and the length indicated by the serialization.

Does anything I say make sense? 8O

Posted: Mon Feb 26, 2007 10:24 pm
by jonathant
Ok, forget half of what I just posted... I'm an idiot.

After further investigation, I've discovered that when I do stripslash on the string before placing it in the array, it will hold on the apostrophe. And it will serialize correctly too. But, when I add it to the database, it removes the apostrophe from the serialized string. So, when I unserialize it later, it works fine with no syntax errors, but the apostrophe is missing.

Posted: Mon Feb 26, 2007 10:31 pm
by jonathant
mysql_real_escape_string fixed it... please ignore all my posts from here on out

Posted: Mon Feb 26, 2007 10:56 pm
by feyd
This thread has been dead for several months. Let it be.

Locked.