Php serialize data in mysql

I save the data in my database (MySQL) using "serialize($array);". This data comes from a form with an input field. I want to know what happens if I insert something like "a:4:{i:1;s:7:"fdsfdsf";i" in the form field. Can it break my data stored in the database? Thanks!!

+6
3 answers

I tested your example on my system, and after serialization, the following value is returned:

string(42) "a:1:{i:0;s:24:"a:4:{i:1;s:7:"fdsfdsf";i";}"

This is what will be added to the database. But storing simple user input into a database is highly discouraged. You must first format simple user input with mysql_real_escape_string(), as it will escape critical characters.

, unserialize() , , . , .

. , , , VARCHAR TEXT. , . , , , .

, , , . , , , , . .

+10

mysql_, :

// Legacy mysql_ extension (removed in PHP 7): escape the serialized string
// before splicing it into the SQL text, otherwise the quotes inside the
// serialized value would terminate the string literal.
$sql = sprintf("INSERT INTO mytable (a) VALUES ('%s')",
    mysql_real_escape_string(serialize($myvar))
);
mysql_query($sql) or die("oh no!");

PDO mysqli , SQL-. PDO:

// $db is an open PDO connection; the bound parameter is sent as data,
// so no escaping of the serialized string is needed.
$stmt = $db->prepare('INSERT INTO mytable (a) VALUES (:myvar)');
$stmt->execute(array(
    ':myvar' => serialize($myvar),
));

, , ; .

+7
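The following script is an added example that is not part of the original question or answers. It ties the two answers above together: it serializes the exact form input from the question, stores it through a PDO prepared statement, and reads it back with unserialize() restricted from instantiating objects. To run offline it assumes an in-memory SQLite PDO connection in place of MySQL; the table name mytable and the parameter name :myvar are taken from the second answer.

```php
<?php
// Added example, not code from the original question or answers.
// Assumption: an in-memory SQLite PDO connection stands in for MySQL so the
// script runs offline; with MySQL use a "mysql:host=...;dbname=..." DSN.

declare(strict_types=1);

// Constructed sample: the exact form input from the question, which looks
// like a fragment of serialized data.
$formInput = 'a:4:{i:1;s:7:"fdsfdsf";i';
$myvar = [$formInput];

$serialized = serialize($myvar);
// serialize() length-prefixes every string (s:24:"..."), so the input is
// stored as data; it cannot close or reopen the surrounding structure.
var_dump($serialized); // string(42) "a:1:{i:0;s:24:"a:4:{i:1;s:7:"fdsfdsf";i";}"

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mytable (id INTEGER PRIMARY KEY, a TEXT NOT NULL)');

// A bound parameter is sent as data and never spliced into the SQL text, so
// the quotes and semicolons inside the serialized string cannot alter the
// query. This is the PDO form from the second answer.
$stmt = $db->prepare('INSERT INTO mytable (a) VALUES (:myvar)');
$stmt->execute([':myvar' => $serialized]);

// Read it back. allowed_classes => false (PHP 7.0+) makes unserialize()
// refuse to instantiate objects, so a stored value that was later tampered
// with cannot trigger any class's __wakeup()/__destruct() on the way back.
$row = $db->query('SELECT a FROM mytable ORDER BY id DESC LIMIT 1')
          ->fetch(PDO::FETCH_ASSOC);
$restored = unserialize($row['a'], ['allowed_classes' => false]);

// The original array comes back unchanged: the user's string is still just
// one element, not four, and the surrounding structure was never affected.
assert($restored === $myvar);
assert($restored[0] === $formInput);
echo "round-trip ok\n";
```

The var_dump line reproduces the 42-byte value the first answer reports. The only way the input in the question could damage stored data is through the SQL statement itself, which is why the insert is parameterized; the allowed_classes option is the corresponding caveat on the read side, since unserialize() on a column that an attacker can influence is otherwise a deserialization sink.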

- .

You can do this with mysqli_real_escape_string() http://www.php.net/manual/en/mysqli.real-escape-string.php

+1
