Unserialize multidemensional array in PHP

Question

Unserialize multidemensional array in PHP

Navigation

#1 by (3 votes)

1

Based on this post I am trying to send a result of a form in php to another php page that is responsible for exporting this result to word.

For this first I get the result correctly, and to send it to the other page I do it like this:

<form action="pruebaExportar.php" method="post">
                <input type="hidden" name="resultado" value="<?php echo serialize($resultado) ?>" >
                <input type="submit" value="word">
            </form>

This at first does not seem to generate any error. The problem comes when in the other php I do the following:

$resultado = $_POST['resultado'];
$resultado = unserialize(stripslashes($resultado));

This does not generate errors either, but when I want to access a result data like this:

$resultado[$cont2]["NOMBRE"];

Does not get a name.

Clarification: the variable $cont2 is the index of a for that goes through the results.

As far as I could read the problem is when I try to deserialize the multidimensional array so sending it and receiving it is done correctly but then I am not able to deseriazilarlo.

php

asked by Lombarda Arda 05.05.2017 в 11:38

source

1 answer

how to change the text color with canvas like reading a txt file in java and passing it to an array

score 3 · Accepted Answer

The steps you must follow to send a form field in HTML with serialized data from PHP are:

Encode the information to transmit it with serialize() or json_encode() .
Generate HTML code that can be sent in a form with htmlspecialchars() or base64_encode() .
Decide to use a container <input> or <textarea> .

The best combination is serialize() / base64_encode() / <textarea> (see the last example).

serialize() / htmlspecialchars() / <input>

In this example I use serialize() , htmlspecialchars() and the label <input> (just like you tried to do yourself):

<?php
$resultado = [
    /* Si aquí ponemos "valor<pre><?php
var_dump(unserialize($_POST['resultado']));
?></pre>
hola" falla la decodificación */
    1 => "valorhola",
    'hola' => [
        'uno' => 'dos',
        'tres' => 3,
    ],
];
$datos = serialize($resultado);
?><form action="pruebaExportar.php" method="post">
  <input type="hidden" name="resultado"
    value="<?= htmlspecialchars($datos) ?>" >
  <input type="submit" value="word">
</form>

On the decode side:

<?php
$resultado = [
    1 => "valor<pre><?php
var_dump(json_decode($_POST['resultado']));
?></pre>
hola",
    'hola' => [
        'uno' => 'dos',
        'tres' => 3,
    ],
];
$datos = json_encode($resultado);
?><form action="pruebaExportar.php" method="post">
  <input type="hidden" name="resultado"
    value="<?= htmlspecialchars($datos) ?>" >
  <input type="submit" value="word">
</form>

Problems:

unserialize() / htmlspecialchars() may fail in the decoding of strings with binary content (images, etc) due to the treatment made by the browser / server of the form fields.

json_encode() / htmlspecialchars() / <input>

In this example I use json_encode() , htmlspecialchars() and the label <input> :

<?php
$resultado = [
    1 => "valor<pre><?php
var_dump(unserialize(base64_decode($_POST['resultado'])));
?></pre>
hola",
    'hola' => [
        'uno' => 'dos',
        'tres' => 3,
    ],
];
$datos = serialize($resultado);
?><form action="pruebaExportar.php" method="post">
  <textarea style="display: none;" name="resultado"><?=
    base64_encode($datos) ?></textarea>
  <input type="submit" value="word">
</form>

On the decode side:

<?php
$resultado = [
    /* Si aquí ponemos "valor<pre><?php
var_dump(unserialize($_POST['resultado']));
?></pre>
hola" falla la decodificación */
    1 => "valorhola",
    'hola' => [
        'uno' => 'dos',
        'tres' => 3,
    ],
];
$datos = serialize($resultado);
?><form action="pruebaExportar.php" method="post">
  <input type="hidden" name="resultado"
    value="<?= htmlspecialchars($datos) ?>" >
  <input type="submit" value="word">
</form>

Problems:

json_encode() can change data types Array to Object by having non-numeric indexes.

serialize() / base64_encode() / <textarea>

In this example I use serialize() , base64_encode() and the label <textarea> :

<?php
$resultado = [
    1 => "valor<pre><?php
var_dump(json_decode($_POST['resultado']));
?></pre>
hola",
    'hola' => [
        'uno' => 'dos',
        'tres' => 3,
    ],
];
$datos = json_encode($resultado);
?><form action="pruebaExportar.php" method="post">
  <input type="hidden" name="resultado"
    value="<?= htmlspecialchars($datos) ?>" >
  <input type="submit" value="word">
</form>

On the decode side:

<?php
$resultado = [
    1 => "valor<pre><?php
var_dump(unserialize(base64_decode($_POST['resultado'])));
?></pre>
hola",
    'hola' => [
        'uno' => 'dos',
        'tres' => 3,
    ],
];
$datos = serialize($resultado);
?><form action="pruebaExportar.php" method="post">
  <textarea style="display: none;" name="resultado"><?=
    base64_encode($datos) ?></textarea>
  <input type="submit" value="word">
</form>

Any binary data will be coded in base64 , normal characters, so there will be no problems when decoding data, no matter how the browser or the server treats the form field.

Problems:

The base64 encoding generates four ASCII characters in its output (6 bits / character x 4 characters = 24 bits ) for every three input characters (8 bits / character x 3 characters = 24 bits). In other words, it increases the size of the data sent by 33% (plus the characters% co_of filling% of the last remaining bits until completing the four output characters, practically negligible).