unserialize() problem in php when serialize() works just fine

Question

I'm using the serialize()/unserialize() functions in php 5.2. The text to be stored is POSTed via a form. Btw, no white-space before or after. Even if the text contains " or ', it serializes successfully. The problem is it does not unserialize() back. what am I doing wrong?

Answer 1

It is magic quotes probably in response for such a behavior. So, to unserialize you may have to do a stripslashes() first:

if (get_magic_quotes_gpc()) $data = stripslashes($data);

though it's almost impossible to have magic quotes on a 5.2 system...
To say something certain, you have to find a difference between initial and returned data.

But anyway, why don't you use sessions instead of sending data to the browser and back? Sessions are a faster and secure way.

Answer 2

David Walsh has a simple solution:

//to safely serialize  
$encoded_serialized_string = base64_encode(serialize($your_array));  

//to unserialize  
$array_restored = unserialize(base64_decode($encoded_serialized_string));  

http://davidwalsh.name/php-serialize-unserialize-issues

Answer 3

Adding slashes to quotes solves the problem. Have a look at my code: http://codepad.org/7JWa2BT6

Answer 4

When you serialize, you should use addslashes and when you unserialize, use stripslashes function.

Example:

if (get_magic_quotes_gpc())
{
  serialize($variable);
}
else
{
  addslashes(serialize($variable));
}

if (get_magic_quotes_gpc())
{
  stripslashes(unserialize($variable));
}
else
{
  unserialize($variable);
}