0

Currently, to check if something is serialized, I do this:

function is_serialized($data)
{
    return (@unserialize($data) !== false);
}

But it issues an E_NOTICE. The @ is great to suppress output, but it's still clogging up every other line of my error log (which is purposefully enabled for notices). Are there any cleaner alternatives??

2
Contributors
3
Replies
32
Views
4 Years
Discussion Span
Last Post by IIM
0

Warning
FALSE is returned both in the case of an error and if unserializing the serialized FALSE value. It is possible to catch this special case by comparing str with serialize(false) or by catching the issued E_NOTICE.

Warning
Do not pass untrusted user input to unserialize(). Unserialization can result in code being loaded and executed due to object instantiation and autoloading, and a malicious user may be able to exploit this. Use a safe, standard data interchange format such as JSON (via json_decode() and json_encode()) if you need to pass serialized data to the user.

Quote from manual

Will work on it and let you know to supresss E_NOTICE other than using @

0

As per what i have digged out ,you are doing it in proper way except for use base64_decode($data) instead of $data.

Another way to do the same is to use regular expression instead of calling unserialize() method as the data retured after serialization returns particular format.
For String like :
s:4:"test"
For Array like
a:4:"test"

 function mb_unserialize($serial_str) {  
$out = preg_replace('!s:(\d+):"(.*?)";!se', "'s:'.strlen('$2').':\"$2\";'", $serial_str );  
return unserialize($out);  
}  

Check http://stackoverflow.com/questions/4748795/how-to-find-out-if-a-string-is-a-serialized-object-array-or-just-a-string
http://www.codekites.com/3-ways-to-serialize-variables-in-php/

Edited by IIM

0
$error_reporting = error_reporting(error_reporting() ^ E_NOTICE);

$y = unserialize("sdfsdf");
if($y) {
   echo $y;
}
else {
    // do something else
}

error_reporting($error_reporting);

By this you can change error_reporting .It says that report error for all except E_NOTICE.

I am not sure whether this can be configured for a page only.
Please do let me know if error_reporting can be changed from page to page if required.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.