Thread: Is serialized

    #1
  1. Mad Scientist
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Oct 2007
    Location
    North Yorkshire, UK
    Posts
    3,661
    Rep Power
    4123

    Is serialized


    Is there a way to detect if a string is a serialized object/array ?

    eg

    PHP Code:
    if(is_serialized($str)) {
         
    $val unserialize($str);

    if there isn't then I may have to write my own, and knowing my ambitions it will end up trying to detect php's serialize, json and xml. Knowing my skills, this may not fully work!!!
    I said I didn't like ORM!!! <?php $this->model->update($this->request->resources[0])->set($this->request->getData())->getData('count'); ?>

    PDO vs mysql_* functions: Find a Migration Guide Here

    [ Xeneco - T'interweb Development ] - [ Are you a Help Vampire? ] - [ Read The manual! ] - [ W3 methods - GET, POST, etc ] - [ Web Design Hell ]
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1046
    Hi,

    where do these strange strings come from?

    If it's a leftover of some buggy program or something and there's really no better solution, I'd simply call unserialize() and check if the return value is not "false". But you have to make sure the string isn't actually a serialized "false" (b:0 -- the genius of PHP strikes again.

    Of course that's not an elegant solution, but the problem isn't elegant, either.

    I wouldn't even try to parse the strings. You'd end up rewriting complex stuff that PHP has already built in. Only do that if you're dealing with gigantic values that cannot simply be deserialized on the fly.
    Last edited by Jacques1; January 3rd, 2013 at 08:34 AM.
  4. #3
  5. Mad Scientist
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Oct 2007
    Location
    North Yorkshire, UK
    Posts
    3,661
    Rep Power
    4123
    It's coming from several external sources in POST requests

    In one instance it's a payment gateway similar to paypal, some values are plain text scalar values, others have been serialzed using php's serialize function or equivilent

    In another case it is coming from a POST request made by client side javascript and could be either xml or JSON.

    However, in some cased the entire response is either JSON or XML (i use file_get_contents("php://input");) in other cases I am receiving more standard URL encoded POST data, with some values serialised or JSON'd

    I am attempting to consolidate the code, so I only have to maintain one receiver, rather than 3...if I could get the code to decide what to run then future development would be easier.

    I could look at the first few characters and attempt to make a decision, decode and compare to the original....but it all just seems a bit messy
    I said I didn't like ORM!!! <?php $this->model->update($this->request->resources[0])->set($this->request->getData())->getData('count'); ?>

    PDO vs mysql_* functions: Find a Migration Guide Here

    [ Xeneco - T'interweb Development ] - [ Are you a Help Vampire? ] - [ Read The manual! ] - [ W3 methods - GET, POST, etc ] - [ Web Design Hell ]
  6. #4
  7. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1046
    Does each value have a predefined data format? If that's the case, then why you don't you use this information to select the correct decoding function?

    I'm not really sure what you're trying to do. If you're trying to write a generalized function, which automatically determines the data format for each case, then this is not a good idea. Set the format explicitly.

    Or is the data format of the values not even known beforehand? That would be a real mess ...
  8. #5
  9. Mad Scientist
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Oct 2007
    Location
    North Yorkshire, UK
    Posts
    3,661
    Rep Power
    4123
    Originally Posted by Jacques1
    Does each value have a predefined data format?
    Some, but not all

    Originally Posted by Jacques1
    Or is the data format of the values not even known beforehand? That would be a real mess ...
    most of the time this is true

    The problem is that the data is not being properly handled/formatted by the 3rd parties.

    for example, the serialized strings could easily be url encoded, but it's serialized instead, eg $_POST['response'] is a serilaized string as its value, rather than being an array like

    $_POST['response']['amount'] or $_POST['response']['auth_number']

    testing if something is an array is nice and easy...testing if something was an array....
    I said I didn't like ORM!!! <?php $this->model->update($this->request->resources[0])->set($this->request->getData())->getData('count'); ?>

    PDO vs mysql_* functions: Find a Migration Guide Here

    [ Xeneco - T'interweb Development ] - [ Are you a Help Vampire? ] - [ Read The manual! ] - [ W3 methods - GET, POST, etc ] - [ Web Design Hell ]
  10. #6
  11. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1046
    Well, in this case either use unserialize() as suggested above or your idea of checking only the first few characters.

    If you need the unserialized values, anyway, then unserialize() would actually be a pretty good way of dealing with this.
  12. #7
  13. Mad Scientist
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Oct 2007
    Location
    North Yorkshire, UK
    Posts
    3,661
    Rep Power
    4123
    I'm hoping to avoid unnecessarily calling unserialize() on values which are not serialized
    I said I didn't like ORM!!! <?php $this->model->update($this->request->resources[0])->set($this->request->getData())->getData('count'); ?>

    PDO vs mysql_* functions: Find a Migration Guide Here

    [ Xeneco - T'interweb Development ] - [ Are you a Help Vampire? ] - [ Read The manual! ] - [ W3 methods - GET, POST, etc ] - [ Web Design Hell ]
  14. #8
  15. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1046
    Why? If it's not serialized, the function will simply fail after the first few characters.

    If you don't like that, then use your idea. Give up hope of finding a perfect solution for this. The application you're getting the values from is simply broken, so all you can do is try to find an acceptable workaround. You have two sensible options. Both aren't elegant, but they'll work.

    Yes, you could dig deep into the PHP source code, look up the exact serialize() logic and then write a parser. But how would that improve the application? It would be just as broken as it was before, but you'll have wasted a lot of time.
  16. #9
  17. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,867
    Rep Power
    6351
    A quick check would be to see if the string stars with \w+:, so:

    PHP Code:
    if ( preg_match("/^\w+:/"$yourString
      && 
    $a unserialize($yourString) && $a !== false 
    -Dan
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.

IMN logo majestic logo threadwatch logo seochat tools logo