
I need the user to enter an array in a textarea, and this array might be a big array. I tried to serialize it and save it encoded in the DB, but it failed.

This is my code:

```php
if( strpos( $_POST['textarea_array'], 'array' ) !== FALSE ) {

     $temp_serialized = serialize( $_POST['textarea_array'] );

     if( ( $temp_unserialized = @unserialize( $temp_serialized ) !== FALSE )
         && is_array( $temp_unserialized ) ) {

         /* Condition FAILED */

         $temp_json = json_encode( $temp_unserialized );
         $final_value = base64_encode( $temp_json );

     }

}
```

Example of what would be entered in the textarea: a simple or a complicated array with a sub-array for each key

```php
array(
   'x_sub_array' => array(
       'x_1' => 'X 1',
       'x_2' => 'X 2',
       'x_3' => 'X 3',
   ),
   'x_2' => 'X 2',
   'x_3' => 'X 3',
);
```

Hady Shaltout
  • How is the user separating each element in the 'array'? Isn't a textarea just one big string until you parse it? – Don Bhrayan Singh May 09 '17 at 14:59
  • The user in this case is a developer who needs this array to use in another way – Hady Shaltout May 09 '17 at 15:00
  • Please show an example of how a user is supposed to enter an array in the textarea. – RiggsFolly May 09 '17 at 15:01
  • What are you trying to do, make them run a possible `eval()`? *"but it failed"* - How, what errors did you get or are you not checking for them via PHP and the possible DB query? And where's the form for this? – Funk Forty Niner May 09 '17 at 15:01
  • This user is a developer and he'll need to use this array as a dynamic array for each page .. So he cannot enter inside those PHP files – Hady Shaltout May 09 '17 at 15:02
  • **SHOW US AN EXAMPLE OF WHAT IS ENTERED IN THE TEXTAREA** – RiggsFolly May 09 '17 at 15:03
  • array( 'x_1' => 'X 1', 'x_2' => 'X 2', 'x_3' => 'X 3', ); – Hady Shaltout May 09 '17 at 15:05
  • Look up [`eval()`](http://php.net/manual/en/function.eval.php) and then look up [why you should never use it](http://stackoverflow.com/questions/951373/when-is-eval-evil-in-php) – RiggsFolly May 09 '17 at 15:20
  • This is a great way to get your website hacked ;-) – trincot May 09 '17 at 15:23
  • There's an admin panel to do so, and no one will do that; only the site owner (one person) will write this, not the visitors. Thanks for your note – Hady Shaltout May 09 '17 at 15:34
  • Maybe it is not clear to you, but whatever is in a textarea is just a string or, in your case, a string representation of an array. When you serialize it, your result will start with s: (as in string), and when deserialized you will have just a string and not an array. You can resort to `eval`, but this will lead to problems with deliberate hacking or unintended mistypes or syntax errors that will lead to a nightmare, to me (i.e. if you are lucky the error will make evaluation fail; if not, you will have a corrupt array to cope with). – Eineki May 09 '17 at 15:39

1 Answer

First of all, there are easier ways to pass data. But if this is the absolute ONLY way, might as well answer it bluntly. (If your user strictly adheres to the format...)

```php
if (isset($_POST['textarea_array'])) {

    $raw = $_POST['textarea_array'];

    //Parse the array section
    $start = strpos($raw, "(");
    $end = strpos($raw, ")");
    $full = substr($raw, $start + 1, $end - ($start + 1));

    //Remove quotations
    $full = str_replace("'", "", $full);

    //Divide string into array of segments `key=>value` as one segment
    $segments = explode(",", $full);

    //Start from an empty array so json_encode() never sees an undefined variable
    $final = array();

    foreach ($segments as $segment) {
        //Divide each segment `key=>value` to a temp array
        //Index 0 will hold the key, Index 1 will hold value
        $array_part = explode("=>", $segment, 2);

        //Skip segments without `=>`, e.g. the empty one left by a trailing comma
        if (count($array_part) < 2) {
            continue;
        }

        //Remove spaces
        $key = trim($array_part[0]);
        $value = trim($array_part[1]);

        //insert into associative array
        $final[$key] = $value;
    }

    //$final now has your associative array
    echo json_encode($final);
}
```

Again, there are better alternatives.

- How about having the user pass a JSON object via AJAX?

- Or how about the user enters each element and separates them with a newline?

But never rely on serialize or eval, especially since you don't want users to have access to your PHP pages.
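
An added example, not part of the original answer or comments: a tokenizer-based reader that treats the textarea text as data and rejects everything except single-quoted strings and nested `array()`/`[]` literals, so the question's nested input can be accepted without `eval()`. The function names `parse_array_literal` and `parse_literal` are hypothetical, and PHP 7.4+ with the tokenizer extension is assumed.

```php
<?php
// Added example (not from the post): single-quoted strings and nested array()/[] only.
function parse_array_literal(string $src, int $maxDepth = 16): array
{
    $skip = [T_OPEN_TAG, T_WHITESPACE];
    $tokens = array_map(fn($t) => is_array($t) ? $t : [null, $t], token_get_all('<?php ' . $src));
    $tokens = array_values(array_filter($tokens, fn($t) => !in_array($t[0], $skip, true)));
    $pos = 0;
    $value = parse_literal($tokens, $pos, $maxDepth);
    $pos += ($tokens[$pos][1] ?? null) === ';' ? 1 : 0;   // optional trailing ";"
    if (!is_array($value) || $pos !== count($tokens)) {
        throw new InvalidArgumentException('Expected exactly one array literal');
    }
    return $value;
}

function parse_literal(array $tokens, int &$pos, int $depth)
{
    [$id, $text] = $tokens[$pos++] ?? [null, ''];
    if ($id === T_CONSTANT_ENCAPSED_STRING && $text[0] === "'") {
        return strtr(substr($text, 1, -1), ['\\\\' => '\\', "\\'" => "'"]);
    }
    $close = $id === T_ARRAY ? ')' : ($text === '[' ? ']' : null);
    $open = $id === T_ARRAY ? ($tokens[$pos++][1] ?? null) : '(';
    if ($close === null || $open !== '(' || $depth < 1) {
        throw new InvalidArgumentException("Rejected token: $text");
    }
    $out = [];
    while (($tokens[$pos][1] ?? null) !== $close) {
        $item = parse_literal($tokens, $pos, $depth - 1);
        if (($tokens[$pos][0] ?? null) === T_DOUBLE_ARROW && is_string($item)) {
            $pos++;                                       // skip "=>"
            $out[$item] = parse_literal($tokens, $pos, $depth - 1);
        } else {
            $out[] = $item;
        }
        if (($tokens[$pos][1] ?? null) === ',') {
            $pos++;
        } elseif (($tokens[$pos][1] ?? null) !== $close) {
            throw new InvalidArgumentException("Expected \",\" or \"$close\"");
        }
    }
    $pos++;                                               // consume the closer
    return $out;
}

// Constructed sample input in the question's format (nested array, trailing commas).
$input = "array( 'x_sub_array' => array( 'x_1' => 'X 1', ), 'x_2' => 'X 2', );";
echo json_encode(parse_array_literal($input)), PHP_EOL;
```

Function calls, variables, constants, double-quoted strings and any other token raise `InvalidArgumentException`, so the result can be passed straight to `json_encode()` for storage.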