I’m facing an odd problem….
$string is user input
$log = serialize(array('string' => $string));
example: “test” would be
"string";s:4:"test";
However problems arise when the user submits quotes and some other characters like ;
Of course I escape the string first, but the serialized data cannot be unserialized.
htmlentities before submitting to db wouldn’t work either since ; messes up the data…
Any suggestions?
Please don’t tell me to create db fields and not use serialize()
I am not sure if this is the best practice, but a quick hack would be using http://php.net/manual/en/function.base64-encode.php and http://www.php.net/manual/en/function.base64-decode.php to encrypt the data when sending it to the DB and then decrypting it when you retrieve it. Now, if you think there might be security issues encrypting using base64, here is a link to do it in a better way:
Best way to use PHP to encrypt and decrypt passwords?
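
The base64 round trip suggested in the answer above, shown next to the failure from the question, as an added example that is not part of the original posts. The helper names `pack_log` and `unpack_log` are hypothetical, the input string is constructed, and PHP 7.0 or later is assumed for the `allowed_classes` option.

```php
<?php
// Constructed sample input containing the characters named in the question.
$string = 'He said "hi"; it\'s <b>ok</b> & done';

$log = serialize(array('string' => $string));

// serialize() stores each string with its byte length (s:N:"...";).
// Escaping the serialized text afterwards rewrites the quotes and changes
// the byte counts, so the length prefixes no longer match and
// unserialize() cannot parse the result.
$escaped = htmlentities($log, ENT_QUOTES);
$broken  = @unserialize($escaped, ['allowed_classes' => false]);
var_dump($broken);

// Base64 output uses only A-Z, a-z, 0-9, +, / and =, so quotes and
// semicolons never reach the storage layer. Base64 is a reversible
// encoding and gives no confidentiality.
function pack_log(array $data): string
{
    return base64_encode(serialize($data));
}

function unpack_log(string $stored): array
{
    // Strict mode rejects characters outside the base64 alphabet.
    $raw = base64_decode($stored, true);
    if ($raw === false) {
        throw new InvalidArgumentException('stored value is not valid base64');
    }
    // allowed_classes => false stops stored data from instantiating objects.
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data)) {
        throw new UnexpectedValueException('stored value is not a serialized array');
    }
    return $data;
}

$stored = pack_log(array('string' => $string));
var_dump($stored);
var_dump(unpack_log($stored)['string'] === $string);
```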