0

Is it possible to escape a serialized string using PDO before it is inserted in the database?

I've built something where content from a WYSIWYG editor will be serialized. If someone pastes text from Word to the editor, and saves, I'll get the following error because multiple style tags where added:

unserialize(): Error at offset 105 of 1020

I've tried saying don't paste from Word haha, however I would like to build it so that it is possible even it's not the best way to do it.

I found the PDO function quote, but I'm not sure if that is what I'm looking for. Besides that function, I couldn't find any other solutions. I'm already using PDO prepared statements.

I would like to know if it is possible. Thanks for the effort.

Zzyrk
  • 907
  • 8
  • 16
ronnyrr
  • 1,481
  • 3
  • 26
  • 45

1 Answers1

1

I believe it is related to encoding.

You should do base64_encode before save and base64_decode after it. As wrote here:

$toDatabse = base64_encode(serialize($data));  // Save to database
$fromDatabase = unserialize(base64_decode($data)); //Getting Save Format

Also, to avoid problems with encoding when you connect to database execute this SQL request:

"SET NAMES 'utf8'"
Community
  • 1
  • 1
Krayton
  • 86
  • 4