Serializing array in PHP, preventing injection
Posted by Cyclone on Stack Overflow
Published on 2010-05-05T00:01:16Z
I'm writing a PHP script which uses serialized arrays to store data. How can I prevent injection in serialization? It would be very easy to name your account:
something";s:6:"access";s:5:"admin";
for a simple example. The user could then add the rest of the needed parameters somehow. Would addslashes work for this? Does the PHP unserialize pick up on that as being an escaped character? If so, is it possible to apply addslashes to an entire array without iterating through?
Thanks for the help!
© Stack Overflow or respective owner
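
The following is an added example, not part of the original post. It runs the account name from the question through `serialize()`, which writes each string with a byte-length prefix and has no escape characters, then through `addslashes()`, and finally signs the blob with an HMAC for the case where the serialized data is stored somewhere the user can edit. The array keys, function names and `DEMO_KEY` are assumptions made for illustration.

```php
<?php
// Added example. Array keys, function names and the key are illustrative.
const DEMO_KEY = 'constructed-demo-key-not-for-production';

// Serialize and prepend an HMAC so a blob stored client-side cannot be edited.
function pack_account(array $account): string
{
    $blob = serialize($account);
    return hash_hmac('sha256', $blob, DEMO_KEY) . $blob;
}

// Verify the HMAC before unserialize() ever sees the bytes.
function unpack_account(string $packed): ?array
{
    if (strlen($packed) < 64) {
        return null;                         // too short to hold a digest
    }
    $mac  = substr($packed, 0, 64);          // sha256 hex digest is 64 chars
    $blob = substr($packed, 64);
    if (!hash_equals(hash_hmac('sha256', $blob, DEMO_KEY), $mac)) {
        return null;                         // tampered or truncated
    }
    // allowed_classes=false (PHP 7.0+) blocks object instantiation.
    $data = unserialize($blob, ['allowed_classes' => false]);
    return is_array($data) ? $data : null;
}

$name    = 'something";s:6:"access";s:5:"admin";';   // name from the question
$account = ['name' => $name, 'access' => 'user'];

// 1. serialize() length-prefixes strings, so the name stays one string value.
$back = unserialize(serialize($account), ['allowed_classes' => false]);
var_dump($back === $account);

// 2. addslashes() is not an escape for this format: the backslashes are
//    stored as data and come back as part of the name.
$slashed = unserialize(serialize(addslashes($name)), ['allowed_classes' => false]);
var_dump($slashed === $name);

// 3. A blob edited after signing fails the HMAC check and is rejected.
$packed   = pack_account($account);
$tampered = str_replace('s:4:"user"', 's:5:"admin"', $packed);
var_dump(unpack_account($packed) === $account);
var_dump(unpack_account($tampered));
```

The quoting problem described in the question arises when serialized strings are assembled by hand with concatenation; building the array first and passing it to `serialize()` (or `json_encode()`) avoids it.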