Posted by Joshua Beall on 03/25/05 01:47
"GamblerZG" <gambler@highstream.net> wrote in message
news:20050324212125.21841.qmail@lists.php.net...
> Output of serialize() is barely readable and definetely is not suited for
> manual editing.
>
> It is quite simple to create var_export() clone that does not add junk to
> it's output. But then I would need to exec() the string to get a data
> structure back, which is bad security practice.
>
> Is there any good way to store/retrieve data structures (multidimetional
> arrays) to/from database?
You should look into the WDDX functions - http://php.net/wddx/ - they give
you an XML document that you can edit by hand much more easily than the
bytestream you get from serialize. However it is not as compact as
serialize, and not only that it suffers from what I consider a showstopped
bug.
This bug in the WDDX serialization causes you to run into trouble if you
have a numerically indexed array that does not start at 0. For instance:
//$data[0] = 'uncomment me and things will work';
$data[1] = "foo";
$data[2] = "bar";
$serialized = wddx_serialize_value($data);
$result = wddx_deserialize($serialized);
echo gettype($result[1]);
The output is "NULL" - it is now impossible directly access anything in the
$result array. It is still there - you can see this if you
var_dump($result) or iterate through it with foreach($result as $entry).
HTH,
-Josh
[Back to original message]
|