php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #14819 str_replace used with serialize
Submitted: 2002-01-02 23:49 UTC Modified: 2002-01-09 16:46 UTC
From: voltaic at thcnet dot net Assigned:
Status: Closed Package: Strings related
PHP Version: 4.0.5 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: voltaic at thcnet dot net
New email:
PHP Version: OS:

 

 [2002-01-02 23:49 UTC] voltaic at thcnet dot net
Two lines like this:
$myarray[ 2 ] = str_replace( "'", "", $mystring );
$myserial = serialize( $myarray );

produce a serialized array in $myserial but it contains the wrong length or sometimes the wrong value for the string I inserted.  It sometimes deletes the "'" and the following character, sometimes deletes just the "'" but has the wrong length of the string encoded in the serialized variable.  

An example of $myserial would be:
a:3:{i:0;s:2:"s1";i:1;s:2:"s2";i:2;s:5:"dont";} 
Which encodes the wrong length for the final string.

It works correctly when I break it into three lines:
$mystring = str_replace( "'", "", $mystring );
$myarray[ 2 ] = $mystring;
$myserial = serialize( $myarray );

An example of $myserial would be:
a:3:{i:0;s:2:"s1";i:1;s:2:"s2";i:2;s:4:"dont";} 
Which encodes the correct length for the final string.

This only appears to happen if there is a str_replace match in the string.  If there is no match for the str_replace function, the glitch doesn't seem to appear.  Thanks.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-01-03 01:28 UTC] georg@php.net
Just tested it with 4.0.6 and 4.1.0
All seems to be ok.

Can you send me your configuration options?


 [2002-01-03 03:56 UTC] sander@php.net
Status -> feedback
 [2002-01-04 20:55 UTC] voltaic at thcnet dot net
Here are my configuration options:

'./configure' '--prefix=/usr/local'
'--with-apache=/usr/local/src/Apachetoolbox-1.5.19/apache_1.3.19'
'--enable-exif' '--enable-memory-limit=yes' '--enable-track-vars'
'--with-calendar=shared' '--enable-safe-mode' '--enable-magic-quotes'
'--enable-trans-sid' '--enable-wddx' '--enable-ftp' '--with-mysql'
'--with-mysql=/usr/local/mysql' '--with-openssl'

 [2002-01-05 08:05 UTC] edink@php.net
Cannot reporoduce this:

$mystring="don't";
$myarray[ 0 ] = "s1";
$myarray[ 1 ] = "s2";
$myarray[ 2 ] = str_replace( "'", "", $mystring );
$myserial = serialize( $myarray );
print $myserial."\n";

prints correctly:

a:3:{i:0;s:2:"s1";i:1;s:2:"s2";i:2;s:4:"dont";}

in PHP 4.0.5, PHP 4.1.1, adn PHP 4.2.0-dev.

Does this example work for you? If it does
could you please provide a complete example
that produces incorrect output.

 [2002-01-09 16:45 UTC] voltaic at thcnet dot net
I'm truly sorry.  I found that the error was in the database library I was using to take the serialized string and save it in a database, although I'm not clear on why changing the order of operations fixed it (but that's not your job to fix!).  Please cancel/close this faulty bug report and chastise me thoroughly.
 [2002-01-09 16:46 UTC] derick@php.net
user error: bogus
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Oct 13 23:01:26 2024 UTC