user1010936

Reputation: 1

serialized object stores to database partially

I store my sessions in a MySQL database. The session data is serialized and stored in a DB cell.

The problem is the following: the serialized object gets into the database only partially. If I echo the query string, copy it and paste it into phpMyAdmin -> database query, it gets into the database in full, as it should. "echo mysql_error" shows no errors. The encoding is not the reason; I have declared it strictly. Here's the piece of code I use.

$sql = "UPDATE sessions
SET SESSION_ID='$id', ACCESS='$access', DATA='".stripslashes($data)."', USER_ID='$username' WHERE SESSION_ID = '$id'";
echo("<br>".$sql."<br>");
return mysql_query($sql, $_sess_db);
echo mysql_error($_sess_db);

How can I fix it? And why does the same query work fine when I copy-paste it into phpMyAdmin but not work as it should when executed via the mysql_query function?

Upvotes: 0

Views: 286

Answers (2)

HanhNghien

Reputation: 225

$sql= 'UPDATE `sessions` 
SET `SESSION_ID`= "'.$id.'", 
`ACCESS`= "'.$access.'", 
`DATA`= \''.str_replace("'", "\'", $data).'\', 
`USER_ID`= "'.$username.'" 
WHERE `SESSION_ID`= "'.$id.'"';

Upvotes: 0

Bernhard Kircher

Reputation: 4182

Don't do that - don't dynamically create the update statement. Use parametrized queries instead (see the question and answers on SQL injection). I assume that it has something to do with the data that is not correctly escaped (which can be prevented by using parametrized queries). Also, I assume that mysql_error() does not get called because of the previous return statement.

Upvotes: 1
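
The parametrized-query approach recommended in the answer above, as an added example that is not part of the original thread: the question's UPDATE with bound values, checking that a serialized payload containing quotes, backslashes and NUL bytes is stored byte for byte. The helper name `sess_write`, the `Cart` class, the sample values and the use of PDO with an in-memory SQLite database (so it runs without a server) are assumptions; the table and column names are the ones from the question.

```php
<?php
// Added example, not code from the thread. Assumption: PDO with an in-memory
// SQLite database so it runs without a server; for MySQL only the DSN changes,
// e.g. 'mysql:host=...;dbname=...;charset=utf8mb4'.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw
$db->exec('CREATE TABLE sessions (
    SESSION_ID TEXT PRIMARY KEY, ACCESS INTEGER, DATA BLOB, USER_ID TEXT)');

// Hypothetical helper: the statement text is fixed and every value is bound,
// so no escaping or stripslashes() is applied to the session payload.
function sess_write(PDO $db, string $id, int $access, string $data, string $user): int
{
    $stmt = $db->prepare(
        'UPDATE sessions SET ACCESS = :access, DATA = :data, USER_ID = :user
         WHERE SESSION_ID = :id'
    );
    $stmt->bindValue(':access', $access, PDO::PARAM_INT);
    $stmt->bindValue(':data', $data, PDO::PARAM_LOB); // binary-safe payload
    $stmt->bindValue(':user', $user);
    $stmt->bindValue(':id', $id);
    $stmt->execute();
    return $stmt->rowCount(); // rows affected by the UPDATE
}

// Constructed sample payload: quotes, backslashes and the NUL bytes that
// serialize() emits around private property names.
class Cart { private $note = "O'Reilly \\ \"quoted\""; }
$data = serialize(['name' => "d'Artagnan", 'path' => 'C:\\temp', 'cart' => new Cart()]);

$db->prepare('INSERT INTO sessions VALUES (?, ?, ?, ?)')
   ->execute(['abc123', time(), '', 'demo']);

$rows = sess_write($db, 'abc123', time(), $data, 'demo');

$read = $db->prepare('SELECT DATA FROM sessions WHERE SESSION_ID = ?');
$read->execute(['abc123']);
$stored = $read->fetchColumn();

printf("rows updated: %d, bytes sent: %d, bytes stored: %d, identical: %s\n",
    $rows, strlen($data), strlen($stored), $stored === $data ? 'yes' : 'no');

// An id containing quote characters is compared as a plain value: no row matches.
printf("rows updated for hostile id: %d\n",
    sess_write($db, "abc123' OR '1'='1", time(), $data, 'demo'));
```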
