Hi I have a api call that returns a string like the following, and I need to convert it in a JSON object to process.
"a:1:{s:19:\"is_featured_service\";b:0;}"
That's a serialize()d string. unserialize() it, then json_encode() it:
<?php
$string = "a:1:{s:19:\"is_featured_service\";b:0;}";
$json = json_encode(unserialize($string));
var_dump($json);
Be careful, though. Per PHP manual:
Warning Do not pass untrusted user input to unserialize() regardless
of the options value of allowed_classes. Unserialization can result in
code being loaded and executed due to object instantiation and
autoloading, and a malicious user may be able to exploit this. Use a
safe, standard data interchange format such as JSON (via json_decode()
and json_encode()) if you need to pass serialized data to the user.
Demo
serialize() reference
unserialize() reference
Related
Hi I have a api call that returns a string like the following, and I need to convert it in a JSON object to process.
"a:1:{s:19:\"is_featured_service\";b:0;}"
That's a serialize()d string. unserialize() it, then json_encode() it:
<?php
$string = "a:1:{s:19:\"is_featured_service\";b:0;}";
$json = json_encode(unserialize($string));
var_dump($json);
Be careful, though. Per PHP manual:
Warning Do not pass untrusted user input to unserialize() regardless
of the options value of allowed_classes. Unserialization can result in
code being loaded and executed due to object instantiation and
autoloading, and a malicious user may be able to exploit this. Use a
safe, standard data interchange format such as JSON (via json_decode()
and json_encode()) if you need to pass serialized data to the user.
Demo
serialize() reference
unserialize() reference
I want to base64_encode the parameters I send over the url.
Send:
<?php
$product = array("productID"=>"13776", "name"=>"something", "availability"=>"1000");
$url_details = "?id=" . base64_encode(http_build_query($product));
?>
Details
Receive:
<?php
$details = base64_decode($_GET["id"]);
// $product = what is the best way to reconstruct the array from $details?
?>
<p>
Name: <?php echo $products["name"]; ?>
...
</p>
The encoding destroys the array, is there a convenient way to make an associative array out of the string again?
(the encoded url is not sensitive information, but I still do not want it to be flat out readable in the url. If there is a better way to pass this data between pages than what I am doing, let me know)
parse_str is the inverse of http_build_query, so to recover your data:
parse_str(base64_decode($_GET["id"]), $details);
Note that parse_str is harmful if called with only one argument.
And as an aside, you may not want to put this kind of information into the URL to begin with, since it can be easily disclosed to third parties, via the Referrer header, for instance.
You can serialize() your array:
<?php
$product = array("productID"=>"13776", "name"=>"something", "availability"=>"1000");
$url_details = base64_encode(serialize($product));
And then, on your end page unserialize() it:
<?php
$details = unserialize(base64_decode($url_details));
Demo
However you need to be careful and do thorough checking of what you're receiving, since unserialize() will execute arbitrary code sent by the client. For example, I can serialize() my own array, then base64_encode() it, and pass it to the URL in the id parameter, and I can do pretty nasty stuff. So definitely check what you're getting in the request!
From the manual:
Warning
Do not pass untrusted user input to unserialize() regardless of the
options value of allowed_classes. Unserialization can result in code
being loaded and executed due to object instantiation and autoloading,
and a malicious user may be able to exploit this. Use a safe, standard
data interchange format such as JSON (via json_decode() and
json_encode()) if you need to pass serialized data to the user.
Here's a comprehensive article on the matter. Give it a read!
As the manual says, you can also probably accomplish what you're trying to do with json_encode() and json_decode(), though the same warning remains, check that what you're getting is what you're supposed to get and sanitize it.
I am getting JSON files but each file has a code/ID with it, in the beginning
i am trying to make a standard way to crop the strings no matter how the code/ID changes.
so these are 2 JSON files:
a:12{/*JSON DATA HERE*/}
a:130 {/*JSON DATA HERE*/}
a:1 {/*JSON DATA HERE*/}
i did not find a way to locate the first occurrence of "{" and include it in the new string that will also include the rest of the JSON string.
in JAVA it would go something like that, but i need it in php:
String myjson = "a:130{/*JSON here*/}";
String newjson = myjson.substring(myjson.indexOf("{"), myjson.length());
how can i do that in php?
This really seems to be a PHP serialized array (through serialize / unserialize) and not JSON.
PHP uses a:<count>{...} to indicate a serialized array in its format.
If you can trust the data (i.e. not user submitted but generated by a trusted application), don't parse it yourself and use unserialize instead.
The reason why you never should use unserialize on user submitted data that you can't verify independently is that it is able to create objects of a user specific selection, and if the object defines __wakeup, it might be able to coerce the object into performing any operation the attacker want. This is also why there is a large warning on the unserialize manual page.
I have a string, more specifically, this one:
a:16:{s:9:"pseudonym";O:16:"SimpleXMLElement":0:{}s:14:"parallel_title";O:16:"SimpleXMLElement":0:{}s:9:"title_var";O:16:"SimpleXMLElement":0:{}s:6:"series";O:16:"SimpleXMLElement":0:{}s:9:"vol_title";O:16:"SimpleXMLElement":0:{}s:9:"reference";O:16:"SimpleXMLElement":0:{}s:10:"bound_with";O:16:"SimpleXMLElement":0:{}s:15:"general_remarks";O:16:"SimpleXMLElement":0:{}s:6:"copies";O:16:"SimpleXMLElement":1:{i:0;s:1:"1";}s:11:"remarks_BPH";O:16:"SimpleXMLElement":0:{}s:3:"ICN";O:16:"SimpleXMLElement":1:{i:0;s:4:"neen";}s:10:"provenance";O:16:"SimpleXMLElement":0:{}s:7:"binding";O:16:"SimpleXMLElement":0:{}s:10:"size_hxwxd";O:16:"SimpleXMLElement":0:{}s:6:"BookID";O:16:"SimpleXMLElement":1:{i:0;s:4:"6271";}s:5:"repro";O:16:"SimpleXMLElement":0:{}}
Is it possible to parse this string somehow? I need to display the keys and values in a list. I tried to use json_decode but it doesn't return anything, even with the second parameter set to true:
json_decode($string,true);
It's not JSON, it's serialized PHP. Use unserialize().
It's serialize object
Read more on PHP website
I have my data stored in a JSON string like these...
a:1:{s:15:"s2member_level1";s:1:"1";}
How can i read this values in mysql?
I need to know if the value "s2member_level1" is 1.
Thanks!!!
That's not JSON but a string resulted from calling serialize() in PHP. You cannot parse it easily in MySQL. If you can use PHP, use the unserialize function:
$obj = unserialize($data_from_mysql);
if ($obj['s2member_level1'] == 1) {
// more code here
}
You can convert data to JSON in PHP using the json_encode function. In a similar way, you construct an object from a JSON string using json_decode.
#Lekensteyn is correct, but you could do a like statement, although its performance would most likely be very poor. My true answer is to change how you store this information to take advantages of best performing queries.
select * from table
where column like '%s:15:"s2member_level1";s:1:"1";%';
#Lekensteyn is right about the type of this particular String, but for others, PHP has json_decode which you can use to convert a JSON object to a PHP object. It would be considerably more difficult to read such an object using MySQL only.
This is no json, but serialized data. It was probably serialized with the 'serialize' function of PHP. Try:
print_r(unserialize('a:1:{s:15:"s2member_level1";s:1:"1";}'));
... to unserialize it.