php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #14819 str_replace used with serialize
Submitted: 2002-01-02 23:49 UTC Modified: 2002-01-09 16:46 UTC
From: voltaic at thcnet dot net Assigned:
Status: Closed Package: Strings related
PHP Version: 4.0.5 OS: Linux
Private report: No CVE-ID: None
 [2002-01-02 23:49 UTC] voltaic at thcnet dot net
Two lines like this:
$myarray[ 2 ] = str_replace( "'", "", $mystring );
$myserial = serialize( $myarray );

produce a serialized array in $myserial but it contains the wrong length or sometimes the wrong value for the string I inserted.  It sometimes deletes the "'" and the following character, sometimes deletes just the "'" but has the wrong length of the string encoded in the serialized variable.  

An example of $myserial would be:
a:3:{i:0;s:2:"s1";i:1;s:2:"s2";i:2;s:5:"dont";} 
Which encodes the wrong length for the final string.

It works correctly when I break it into three lines:
$mystring = str_replace( "'", "", $mystring );
$myarray[ 2 ] = $mystring;
$myserial = serialize( $myarray );

An example of $myserial would be:
a:3:{i:0;s:2:"s1";i:1;s:2:"s2";i:2;s:4:"dont";} 
Which encodes the correct length for the final string.

This only appears to happen if there is a str_replace match in the string.  If there is no match for the str_replace function, the glitch doesn't seem to appear.  Thanks.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-01-03 01:28 UTC] georg@php.net
Just tested it with 4.0.6 and 4.1.0
All seems to be ok.

Can you send me your configuration options?


 [2002-01-03 03:56 UTC] sander@php.net
Status -> feedback
 [2002-01-04 20:55 UTC] voltaic at thcnet dot net
Here are my configuration options:

'./configure' '--prefix=/usr/local'
'--with-apache=/usr/local/src/Apachetoolbox-1.5.19/apache_1.3.19'
'--enable-exif' '--enable-memory-limit=yes' '--enable-track-vars'
'--with-calendar=shared' '--enable-safe-mode' '--enable-magic-quotes'
'--enable-trans-sid' '--enable-wddx' '--enable-ftp' '--with-mysql'
'--with-mysql=/usr/local/mysql' '--with-openssl'

 [2002-01-05 08:05 UTC] edink@php.net
Cannot reporoduce this:

$mystring="don't";
$myarray[ 0 ] = "s1";
$myarray[ 1 ] = "s2";
$myarray[ 2 ] = str_replace( "'", "", $mystring );
$myserial = serialize( $myarray );
print $myserial."\n";

prints correctly:

a:3:{i:0;s:2:"s1";i:1;s:2:"s2";i:2;s:4:"dont";}

in PHP 4.0.5, PHP 4.1.1, adn PHP 4.2.0-dev.

Does this example work for you? If it does
could you please provide a complete example
that produces incorrect output.

 [2002-01-09 16:45 UTC] voltaic at thcnet dot net
I'm truly sorry.  I found that the error was in the database library I was using to take the serialized string and save it in a database, although I'm not clear on why changing the order of operations fixed it (but that's not your job to fix!).  Please cancel/close this faulty bug report and chastise me thoroughly.
 [2002-01-09 16:46 UTC] derick@php.net
user error: bogus
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 30 14:01:28 2024 UTC