Some have see that code :
<?php
echo stripslashes(json_encode(glob("photos-".$_GET["folder"].'/*.jpg')));
?>
it echo a really nice perfect string like that :
["photos-animaux/ani-01.jpg","photos-animaux/ani-02.jpg","photos-animaux/ani-02b.jpg","photos-animaux/ani-03.jpg","photos-animaux/ani-04.jpg","photos-animaux/ani-05.jpg","photos-animaux/ani-06.jpg","photos-animaux/ani-07.jpg","photos-animaux/ani-08.jpg","photos-animaux/ani-09.jpg","photos-animaux/ani-10.jpg","photos-animaux/ani-11.jpg","photos-animaux/ani-12.jpg","photos-animaux/ani-13.jpg","photos-animaux/ani-14.jpg"]
With json encode it shoul send a array so variable[0] should = to photos-animaux/ani-01.jpg
NOW it is only the fisrt caracter of the string..
how a array get converted to string, and how in javascipt to convert string to array to be able to get value [0] [1] etc..
the question is WHEN or WHY the perfect array get converted to string anyway ?
Using JSON.parse(), from the library available here, is preferable to using eval() since this only reads JSON strings and hence avoids the inherant security risks associated with eval().
In order to parse a JSON-encoded string into actual javascript objects, you need to eval() the data returned in order for javascript to execute against the data:
var data = eval(json_string)
Keep in mind that you should only ever run eval on a string when you trust the source and are sure that there is no possibility of a script injection attack, since javascript will run everything present in the string.
Use one of the JSON libraries listed at the bottom of http://json.org/
WHEN or WHY
If I understood correctly, the answer to both is json_encode(): check out the documentation. Converting a variable to a string (often called serialization or flattening) is a quite common operation.
Related
I import data from WordPress. It is a WebDirectory 2.0 that saves the data as a "strange" string in a database.
Example:
s:95:"a:2:{s:3:"url";s:39:"http://www.google.com/";s:4:"text";s:13:"Website";}";
I have tried json_decode() and unserialize(). Both do not work. They return the string as it is. I can see, this is an array with two values, but how this can be parsed in PHP? In what format this string can be?
If you have this:
echo serialize(serialize(['url'=>'http://www.google.com/','text'=>'Website']));
The output will be
s:71:"a:2:{s:3:"url";s:22:"http://www.google.com/";s:4:"text";s:7:"Website";}";
But what you have is
s:95:"a:2:{s:3:"url";s:39:"http://www.google.com/";s:4:"text";s:13:"Website";}";
Which is different. See, s:95 != s:71, among other elements.
Or this is not a real data or by some reason it's generating extra chars, and causing the problem. I would check how the encoding from both PHP and database to see if all matches.
I am getting JSON files but each file has a code/ID with it, in the beginning
i am trying to make a standard way to crop the strings no matter how the code/ID changes.
so these are 2 JSON files:
a:12{/*JSON DATA HERE*/}
a:130 {/*JSON DATA HERE*/}
a:1 {/*JSON DATA HERE*/}
i did not find a way to locate the first occurrence of "{" and include it in the new string that will also include the rest of the JSON string.
in JAVA it would go something like that, but i need it in php:
String myjson = "a:130{/*JSON here*/}";
String newjson = myjson.substring(myjson.indexOf("{"), myjson.length());
how can i do that in php?
This really seems to be a PHP serialized array (through serialize / unserialize) and not JSON.
PHP uses a:<count>{...} to indicate a serialized array in its format.
If you can trust the data (i.e. not user submitted but generated by a trusted application), don't parse it yourself and use unserialize instead.
The reason why you never should use unserialize on user submitted data that you can't verify independently is that it is able to create objects of a user specific selection, and if the object defines __wakeup, it might be able to coerce the object into performing any operation the attacker want. This is also why there is a large warning on the unserialize manual page.
I am trying to pass an array through a url. I have tried encoding the URL, serializing the URL, serializing and encoding the URL, and no matter what I do, the length of the strings is coming up in the url.
For example, if I pass the array through a URL this way:
<a href='http://splitsum.com/samples/your_store/checkout_form2.php?arr=<?PHP echo serialize($order); ?>'>Next Page</a>
The resulting URL looks like this (with the string count printed out):
.....s:15:%22shipping_method%22;s:20:%22Flat%20Rate%20(Best%20Way)%22;.....
Does anyone know why this is happening? I can var_dump the entire array (and see the string counts on the page) but I cant seem to print individual values in the array. Could it have something to do with a problem in the URL and the printing of the string length?
Thanks!
Because you're using serialize(). You should be using urlencode() instead.
serialize is intended to take internal arbitrary data structures, and encode them into a portable format for re-use in a PHP system somewhere else. It does NOT produce code that is guaranteed valid in a URL context. Basically you're using a hammer to pound in a screw. Use a screwdriver instead.
Note that urlencode will not accept an array. Perhaps http_build_query() would be more appropriate
The length is appearing because you're using serialize. That how it outputs. It's used to store a PHP variable, so that it can be loaded back into PHP again. It's output format contains the length of arrays/strings.
This is the wrong tool for this job. You want to use http_build_query here instead.
<a href='http://splitsum.com/samples/your_store/checkout_form2.php?<?PHP echo http_build_query(array('arr' => $order)); ?>'>Next Page</a>
Then $_GET['arr'] in checkout_form2.php will be your $order array.
More or less, my question is as above.
I have A lot of data i am going to serialize and send to the server. With that said, is there a PHP function to parse it into PHP-objects to manipulate on the Serverside?
My thought is yes due to the dynamic nature of PHP, but i wasnt sure what it would be.
You essentially answered your own question. From the PHP manual entry for json_decode:
json_decode
Takes a JSON encoded string and converts it into a PHP variable.
That said, you'll obviously want to do all the requisite error checking and such.
You can also use json_decode with the true parameter to effectively convert it into to a PHP array like so: $var = json_decode($object,true);
I have some json that i decode using json decode,
however I have floats in the json file, like "58.939020934234" and json_decode parses it as a float (just like it should) however on large numbers its chopping off the ends ( again, like it should ) however this is really bad and I need to find a way to FORCE json_decode to parse EVERYTHING as a string.
I read the documentation and the forth parameter is a flag and we can pass the const JSON_BIGINT_AS_STRING which I think is what I need, however when I try this i get an error saying json_decode does not accept 4 arguments! I'm running php5.
Does anybody know of another I could force this json to be parsed as string?
The options parameter was added in PHP 5.4, which isn't stable yet. This from the changelog on the man page for json_decode:
5.4.0 The options parameter was added.