Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    Regular Coder
    Join Date
    Dec 2006
    Location
    In the wilderness
    Posts
    106
    Thanks
    9
    Thanked 5 Times in 5 Posts

    Question Unserailizing cookies values?

    Hi, I am trying to learn a bit about cookies and sessions and at the moment how to store array values into a cookie using serialize. I have a simple form (nothing fancy) where im serializing the $_POST values and putting them into the setcookie value. This works ok, the cookie gets written, however when I try to retrieve the cookie information by unserializing it on the next page. I get the following message:

    Code:
    Notice: unserialize() [function.unserialize]: Error at offset 9 of 60 bytes in C:\Program Files\xampp\htdocs\sites\testsite\checksession.php on line 24
    string(60) "a:3:{i:0;s:8:\"karlosio\";i:1;s:6:\"123456\";i:2;s:1:\"1\";}"
    Here is my code:

    Page 1 (with form):

    PHP Code:
    <?php
    session_start
    ();
    if(isset(
    $_POST['submit']))
    {
        
    $username $_POST['username'];
        
    $password $_POST['password'];
        
    $remember $_POST['rem'];
        
        if(
    $remember == 1)
        {
            
    $arr[] = $username;
            
    $arr[] = $password;
            
    $arr[] = $remember;
            
    $s serialize($arr);
            
    setcookie("Mysite"$stime() + 86400);
        }
        
        
    $_SESSION['username'] = $username;
        
    $_SESSION['password'] = $password;
        
    header("Location: checksession.php");
    }
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Untitled Document</title>
    </head>

    <body>
    <?php
    if(isset($_GET['do']) && $_GET['do'] == "loggedout")
    {
        echo 
    "<p>You have logged out.</p>";
    }
    ?>
    <form action="" method="post">
    Username:<input type="text" name="username" /><br />
    Password:<input type="password" name="password" /><br />
    Remember Me:<input type="checkbox" name="rem" value="1" />
    <input type="submit" name="submit" value="Login" />
    </form>
    </body>
    </html>
    Page 2:

    PHP Code:
    <?php
    session_start
    ();
    if(isset(
    $_GET['do']) && $_GET['do'] == "logout")
    {
        
    setcookie("Mysite"''time() - 86400);
        
    $_SESSION = array();
        
    session_destroy();
        
    header("Location: cookies_sessions.php?do=loggedout");
    }
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Untitled Document</title>
    </head>

    <body>
    <?php
    if(isset($_SESSION['username']) && isset($_COOKIE['Mysite']))
    {
        echo 
    "<p>Welcome " $_SESSION['username'] . " Your password is " $_SESSION['password'] . "</p>";
        
    unserialize($_COOKIE['Mysite']);
        
    var_dump($_COOKIE['Mysite']);
    ?>
    <a href="checksession.php?do=logout">Logout</a>
    <?php
    } else {
    ?>
    Welcome Guest
    <?php
    }
    ?>
    </body>
    </html>
    "The advantage of computers is that they do exactly what you tell them to do. The disadvantage of computers, on the other hand, is that they do exactly what you tell them to do."

    Excellent resource for learning PHP here

  2. #2
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    4,065
    Thanks
    3
    Thanked 502 Times in 490 Posts
    magic_quotes_gpc appears to be on and is escaping the special characters in the incoming cookie data. If magic_quotes_gpc is on, use stripslashes() on the data first.
    Finding out HOW to do something is called research, i.e. keep searching until you find the answer. After you attempt to do something and cannot solve a problem with it yourself, would be when you ask others for help.

  3. #3
    Regular Coder
    Join Date
    Dec 2006
    Location
    In the wilderness
    Posts
    106
    Thanks
    9
    Thanked 5 Times in 5 Posts
    I've tried stripslashes on it but to no effect, I still get the same message.

    PHP Code:
    if(get_magic_quotes_gpc())
        {
            
    stripslashes($_COOKIE['Mysite']);
        }
        
    unserialize($_COOKIE['Mysite']);
        
    var_dump($_COOKIE['Mysite']); 
    "The advantage of computers is that they do exactly what you tell them to do. The disadvantage of computers, on the other hand, is that they do exactly what you tell them to do."

    Excellent resource for learning PHP here

  4. #4
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    4,065
    Thanks
    3
    Thanked 502 Times in 490 Posts
    Both stripslashes and unserialize return the result of their operation -

    PHP Code:
    if(get_magic_quotes_gpc())
        {
            
    $_COOKIE['Mysite'] = stripslashes($_COOKIE['Mysite']);
        }
        
    $your_array unserialize($_COOKIE['Mysite']);
        
    var_dump($your_array); 
    Finding out HOW to do something is called research, i.e. keep searching until you find the answer. After you attempt to do something and cannot solve a problem with it yourself, would be when you ask others for help.

  5. Users who have thanked CFMaBiSmAd for this post:

    karlosio (10-22-2009)

  6. #5
    Regular Coder
    Join Date
    Dec 2006
    Location
    In the wilderness
    Posts
    106
    Thanks
    9
    Thanked 5 Times in 5 Posts
    Quote Originally Posted by CFMaBiSmAd View Post
    Both stripslashes and unserialize return the result of their operation -

    PHP Code:
    if(get_magic_quotes_gpc())
        {
            
    $_COOKIE['Mysite'] = stripslashes($_COOKIE['Mysite']);
        }
        
    $your_array unserialize($_COOKIE['Mysite']);
        
    var_dump($your_array); 
    I see, never thought of that (something so simple). Thanks a lot
    "The advantage of computers is that they do exactly what you tell them to do. The disadvantage of computers, on the other hand, is that they do exactly what you tell them to do."

    Excellent resource for learning PHP here


 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •