How do I correctly serialize and unserialize a string containing escaped characters?
Given:
$data = "\'test\'";
$out= serialize($data);
print_r($out); // -> s:8:"\'test\'";
The problem here is, that the string length is not accepted by unserialize:
$out = 's:8:"\'test\'"';
var_dump(unserialize($out)); // -> bool(false)
But if I change the string length to 6 (ignoring the escape chars):
$out = 's:6:"\'test\'"';
var_dump(unserialize($out)); // -> string(6) "'test'"
It unserializes correctly.
What would be a good way of handling this problem?
Your test cases don't match, you're wrapping the string in double quotes in your first example and single quotes in the second, causing the escape character to be taken literally in the latter.
$out = '\'test\'';
is different from
$data = "\'test\'";
if you do
$data = "\'test\'";
$out= serialize($data);
print_r($out); // -> s:8:"\'test\'";
$data = unserialize($out);
print_r($data); // -> \'test\'
it will work.
I would try calling base64_encode() before you serialize the data and then base64_decode() after unserializing the data.
$data = "\'test\'";
$out= serialize(base64_encode($data));
var_dump(base64_decode(unserialize($out))); // -> bool(false)
The problem is, that your escape characters are being evaluated by PHP. If you want to keep them intact, you should escape them too :) Example:
$out = 's:8:"\'test\'"'; // $out = s:8:"'test'"
$out = 's:8:"\\\'test\\\'"'; // $out = s:8:"\'test\'"
var_dump(unserialize($out)); // string(8) "\'test\'"
Instead of using serialize and deserialize, try json_encode and json_decode. The latter will do the (un)escaping of the quotes for you.
来源:https://stackoverflow.com/questions/7146570/php-serializing-and-unserializing-string-containing-escaped-characters