January 3rd, 2013, 08:15 AM
Is there a way to detect if a string is a serialized object/array ?
if there isn't then I may have to write my own, and knowing my ambitions it will end up trying to detect php's serialize, json and xml. Knowing my skills, this may not fully work!!!
$val = unserialize($str);
January 3rd, 2013, 08:30 AM
where do these strange strings come from?
If it's a leftover of some buggy program or something and there's really no better solution, I'd simply call unserialize() and check if the return value is not "false". But you have to make sure the string isn't actually a serialized "false" (b:0 -- the genius of PHP strikes again.
Of course that's not an elegant solution, but the problem isn't elegant, either.
I wouldn't even try to parse the strings. You'd end up rewriting complex stuff that PHP has already built in. Only do that if you're dealing with gigantic values that cannot simply be deserialized on the fly.
Last edited by Jacques1; January 3rd, 2013 at 08:34 AM.
January 3rd, 2013, 08:37 AM
It's coming from several external sources in POST requests
In one instance it's a payment gateway similar to paypal, some values are plain text scalar values, others have been serialzed using php's serialize function or equivilent
However, in some cased the entire response is either JSON or XML (i use file_get_contents("php://input");) in other cases I am receiving more standard URL encoded POST data, with some values serialised or JSON'd
I am attempting to consolidate the code, so I only have to maintain one receiver, rather than 3...if I could get the code to decide what to run then future development would be easier.
I could look at the first few characters and attempt to make a decision, decode and compare to the original....but it all just seems a bit messy
January 3rd, 2013, 09:00 AM
Does each value have a predefined data format? If that's the case, then why you don't you use this information to select the correct decoding function?
I'm not really sure what you're trying to do. If you're trying to write a generalized function, which automatically determines the data format for each case, then this is not a good idea. Set the format explicitly.
Or is the data format of the values not even known beforehand? That would be a real mess ...
January 3rd, 2013, 09:09 AM
Some, but not all
Originally Posted by Jacques1
most of the time this is true
Originally Posted by Jacques1
The problem is that the data is not being properly handled/formatted by the 3rd parties.
for example, the serialized strings could easily be url encoded, but it's serialized instead, eg $_POST['response'] is a serilaized string as its value, rather than being an array like
$_POST['response']['amount'] or $_POST['response']['auth_number']
testing if something is an array is nice and easy...testing if something was an array....
January 3rd, 2013, 09:16 AM
Well, in this case either use unserialize() as suggested above or your idea of checking only the first few characters.
If you need the unserialized values, anyway, then unserialize() would actually be a pretty good way of dealing with this.
January 3rd, 2013, 09:33 AM
I'm hoping to avoid unnecessarily calling unserialize() on values which are not serialized
January 3rd, 2013, 09:59 AM
Why? If it's not serialized, the function will simply fail after the first few characters.
If you don't like that, then use your idea. Give up hope of finding a perfect solution for this. The application you're getting the values from is simply broken, so all you can do is try to find an acceptable workaround. You have two sensible options. Both aren't elegant, but they'll work.
Yes, you could dig deep into the PHP source code, look up the exact serialize() logic and then write a parser. But how would that improve the application? It would be just as broken as it was before, but you'll have wasted a lot of time.
January 3rd, 2013, 10:20 AM
A quick check would be to see if the string stars with \w+:, so:
if ( preg_match("/^\w+:/", $yourString)
&& $a = unserialize($yourString) && $a !== false )
HEY! YOU! Read the New User Guide and Forum Rules
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin
"The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002
Think we're being rude? Maybe you asked a bad question
or you're a Help Vampire.
Trying to argue intelligently? Please read this.