Re: [PHP-DB] Serialize
you should definitely quote it because serialized strings can still contain quotes, semicolons, commas, etc... and other stuff thats used in sql injection attacks. On 5/24/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi, Is a serialized array a safe string to enter into a mysql text field? Or is a function such as mysql_real_escape_string needed to ensure it is inserted correctly? regards Simon. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Scott Hurring [scott dot hurring dot lists at gmail dot com] http://hurring.com/
[PHP-DB] Serialize
Hi, Is a serialized array a safe string to enter into a mysql text field? Or is a function such as mysql_real_escape_string needed to ensure it is inserted correctly? regards Simon. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Serialize...Unserialize
I have an array of values I want to store in a MySQL db in a column called readBy of type TEXT. I want to take that array and serialize it then insert it into the db. No big deal. When I query the db and get the value from the readBy column, I know I have to unserialize it. Again, no big deal. My question about all of this is once I unserialize the data from the column, can I immediately use the array_push() function to append additional data to the unserialized data? Will the unserialized data immediately be recognized/treated as an array? Also, is the TEXT dolumn type an appropriate column type to store serialized data or is there another column type that should be used? Lots of questions I know. Just wanted to make sure that it's really as easy as unserialize() then array_push() with nothing else required. Thanks in advance. Rich -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Serialize...Unserialize
Hutchins, Richard wrote: I have an array of values I want to store in a MySQL db in a column called readBy of type TEXT. I want to take that array and serialize it then insert it into the db. No big deal. When I query the db and get the value from the readBy column, I know I have to unserialize it. Again, no big deal. My question about all of this is once I unserialize the data from the column, can I immediately use the array_push() function to append additional data to the unserialized data? I would imagine because the output of unserialize() is of the array type. Unless, there was an error unserializing it. Will the unserialized data immediately be recognized/treated as an array? Yes. Also, is the TEXT dolumn type an appropriate column type to store serialized data or is there another column type that should be used? If you can guarantee that the data doesn't go above 256 characters, then a varchar column can be used. But serialized data can get pretty big, so anticipate for it, by using text columns. -- Gerard Samuel http://www.trini0.org:81/ http://test1.trini0.org:81/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Serialize...Unserialize
Thanks for the feedback, Gerard. One thing I've learned in this experiment is that once the data is serialized and put into the readBy (TEXT) column, I can't really do any queries that do comparisons on the data stored in that column because of the serialization markup. Unfortunately, this is a requirement in this particular case. I can hear the collective Duh! from everybody out there now ;^) What can I say, I had to learn the hard way. Unless I'm wrong, it looks as if I need to go back to doing implode()/explode() on this data in order to preserve the comparisons I need to do inside other queries. Which I don't mind, I was just hoping serialize()/unserialize() would make life easier. Lesson learned. Thanks, Rich -Original Message- From: Gerard Samuel [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 1:39 PM To: Hutchins, Richard Cc: [EMAIL PROTECTED] Subject: Re: [PHP-DB] Serialize...Unserialize Hutchins, Richard wrote: I have an array of values I want to store in a MySQL db in a column called readBy of type TEXT. I want to take that array and serialize it then insert it into the db. No big deal. When I query the db and get the value from the readBy column, I know I have to unserialize it. Again, no big deal. My question about all of this is once I unserialize the data from the column, can I immediately use the array_push() function to append additional data to the unserialized data? I would imagine because the output of unserialize() is of the array type. Unless, there was an error unserializing it. Will the unserialized data immediately be recognized/treated as an array? Yes. Also, is the TEXT dolumn type an appropriate column type to store serialized data or is there another column type that should be used? If you can guarantee that the data doesn't go above 256 characters, then a varchar column can be used. But serialized data can get pretty big, so anticipate for it, by using text columns. -- Gerard Samuel http://www.trini0.org:81/ http://test1.trini0.org:81/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php