Comments on: PHP Serialize() & Unserialize() Issues

By: ZAGI

ZAGI — Sat, 21 Jan 2012 06:40:46 +0000

hi, I had same problem, but I found that I had magic_quotes_runtime enabled which was causing the error.
hope this would be helpfull to.

By: Chris Fav

Chris Fav — Wed, 11 Jan 2012 02:30:25 +0000

Thank you alot, FIXED my issue.

By: Bilal

Bilal — Fri, 30 Dec 2011 01:22:59 +0000

Thankyou!! that was really helpful :)

By: Charlie Schliesser

Charlie Schliesser — Tue, 22 Nov 2011 19:31:23 +0000

Might I throw in my 2 cents:

json_encode() / json_decode().

By: Alix

Alix — Thu, 03 Nov 2011 04:00:10 +0000

I never leave comment, but you really save me man. Thanks

By: vipul solanki

vipul solanki — Tue, 18 Oct 2011 07:51:04 +0000

please send me anyother solution if you find

By: vipul solanki

vipul solanki — Tue, 18 Oct 2011 07:37:39 +0000

i am having same problem as ypo havd earlier.
i tried out your code but its not working.

By: nenillo

nenillo — Mon, 10 Oct 2011 08:44:56 +0000

I think this is caused by modern encoding (utf-8) and the use of old MySQL library (mysql_* functions on PHP).

Changing MySQL API to mysqli and setting the proper encoding (mysqli::set_charset) will fix this without base64.

Base64 would use a lot of storage space.

By: NubbyNubkins

NubbyNubkins — Wed, 05 Oct 2011 01:43:18 +0000

Excellent solution. This is definitely a good way to go. I was thinking of using the preg_replace function to replace any single quotes, double quotes, semi_colons, or colons with a set of characters that is unlikely to be used in the string. For instance:

$variable = preg_replace(‘|\’|', “_SINGLEQUOTE_”, $variable);
$variable = preg_replace(‘|\’|', “_DOUBLEQUOTE_”, $variable);
$variable = preg_replace(‘|\’|', “_SEMICOLON_”, $variable);
$variable = preg_replace(‘|\’|', “_COLON_”, $variable); $variable = serialize($variable);

The downside to this solution is that it is a lot of work for a similar result and the unserialize function must utilize the same code but in reverse. I haven’t yet tested the two but speed can definitely be a factor in which direction you would want to go. Also, with the preg_replace solution, you must use a string that will NOT be used in the variable at all or strange results will occur. Again, thanks for sharing your solution. I believe it may be a way that I will go with my code and its certainly a clever use of the base64_encode()/decode() functions.

By: Dr Lightman

Dr Lightman — Wed, 07 Sep 2011 15:21:09 +0000

I agree with Shimon in this, there is no reason why adding that layer of base64 encoding AFTER the serialization occurs, should resolve a problem with the unserialization, unless, and that’s not been specified in here, the serialized data was messed up by some escaping function, encoding conversion, etc, before or after being stored in a database or similar.

I understand that in that case, preventing the data from containing characters suscettible to escaping such as quotes, would be of help, but it’s not a general case.