PHP Serialize() & Unserialize() Issues
I've been working on some very large forms lately and I've come to the conclusion that creating a database schema around them wouldn't be the best option because:
- My customers don't need to analyze all form submissions as a whole -- form information is simply used on a per-submission basis (like a job application, for example).
- Making updates to these forms would be very costly since it would take quite a bit of time to add and remove DB fields as well as update the HTML form.
- I'd like to easily restore the information to the same array format it came in.
For that reason, I've been using the serialize() and unserialize() functions often. Serializing an array keeps the information in an array format, so to speak, but in one long string. Anyways, I ran into the following error when testing unserialize on some information that I had serialized:
Notice: unserialize(): Error at offset 2 of 52 bytes in file.php on line 130
It turns out that if there's a ", ', :, or ; in any of the array values the serialization gets corrupted. I've found the following fix for this issue on PHP.net:
```php
// to safely serialize
$safe_string_to_store = base64_encode(serialize($multidimensional_array));

// to unserialize...
$array_restored_from_db = unserialize(base64_decode($encoded_serialized_string));
```
It's a great fix to a simple problem!
Great fix indeed!!! Smart thinking!
Works like a charm. I haven’t found any issue with this work-around. You’re one smart duck.
Great “fix”. :-) You also may want to look into a document oriented store (e.g. CouchDB) vs. serializing data into an RDBMS. This would allow you to stay flexible when storing data, but also for later querying/analyzation.
Thanks for this tip! I almost deleted all my new code related to serialization when I decided to search for solutions and found this trick.
It’s not very clear for me how it works if it encodes string after it’s serialized and decodes before it’s unserialized, but for as long as it works I’m happy!
@Shimon, it’s not actually encoding the string, it’s encoding the serialization. If you encode the serialized array, you’ll have to decode the array before you unserialize it.
My accent was made on why it does encoding after all, when serialization is done already. I understand that if you encode string after serialization you’d have to decode before unserialization :)
Thank you, I was having an issue with serialize() and unserialize() and this post solved it :)
Thanks for this solution.
Serialize and unserialize is a godsend in lieu of sessions and forms, but could be better constructed.
Great blog you’re writing! I think the easiest way to prevent these issues is not to use serialize() function. Why not use the implode() function, it can do the same as far as I know!
When storing very long strings in MySQL, make sure you check the length.
MySQL will silently truncate data longer than the allotted field.
Also, using this technique instead of storing in a database means ‘schema’ changes must be done with a php script vs using a db script to migrate data.
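An added example, not code from the original post or its comments: it runs the post's base64 round trip on values containing ", ', : and ;, then shows how a stored value that was altered (escaped by a storage layer, or truncated as the last comment warns) is rejected instead of raising a notice. The function names `pack_form` and `unpack_form`, the sample form, the use of `addslashes()` to stand in for storage-layer escaping and the 40-character cut are assumptions made for illustration.

```php
<?php
// Added example; names and sample data are constructed for illustration.

function pack_form(array $form): string
{
    // Base64 output is plain ASCII with no quotes or backslashes, so escaping
    // or charset conversion in storage cannot change the bytes that the
    // length prefixes written by serialize() refer to.
    return base64_encode(serialize($form));
}

function unpack_form(string $stored): ?array
{
    // Strict mode rejects characters outside the base64 alphabet.
    $raw = base64_decode($stored, true);
    if ($raw === false) {
        return null;
    }
    // allowed_classes => false stops stored data from instantiating objects.
    // @ silences the notice; failure is reported through the return value.
    $value = @unserialize($raw, ['allowed_classes' => false]);
    return is_array($value) ? $value : null;
}

// Constructed sample submission containing ", ', : and ;
$form = ['name' => "O'Brien; \"Pat\"", 'note' => 'ratio 3:1; done'];

// Case 1: clean round trip restores the identical array.
$stored = pack_form($form);
var_dump(unpack_form($stored) === $form);

// Case 2: escaping applied to a raw serialized string inserts backslashes,
// so the recorded string lengths no longer match and unserialize() fails.
$escaped_raw = addslashes(serialize($form));
var_dump(@unserialize($escaped_raw, ['allowed_classes' => false]));

// The same escaping leaves the base64 form untouched.
var_dump(addslashes($stored) === $stored);

// Case 3: a column shorter than the value keeps only a prefix of it.
$truncated = substr($stored, 0, 40);
var_dump(unpack_form($truncated));
```

Checking the encoded length against the column size before the insert catches case 3 at write time rather than at read time.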