foreach and quotes

Anon

Hi all,

I am having a problem with a foreach loop. I am pulling serialized data from a mysql db. I stripslashes and unserialize and then throw the array into the foreach loop. But if the entry has a quote, I am getting the error Warning: Invalid argument supplied for foreach() in ... on line 118.

It is looping threw and pulling the info that does not have quotes, but giving me the error when there are quotes.

I thought the stripslashes at the beginning would take care of this, but obviously, I am wrong. Any help would be much appreciated!!!

The code:
117: $answers = unserialize(stripslashes($test_array["answers"]));
118: foreach ($answers as $key => $val) {
119: $number = $key + 1;
120: echo "\n<tr valign=\"top\"><td width=\"1%\"><input type=\"radio\" name=\"q[" . $test_array["question_num"] . "]\" value=\"" . $key . "\"";

122: if ($HTTP_POST_VARS["q"]) {
123: if ($key == $HTTP_POST_VARS["q"][$j]) {
124: echo " checked";
125: }
126: }
127: echo "></td><td width=\"1%\">" . $alphabet[$key] . ".</td><td>" . $val . "</td></tr>\n";
128: }

Anon

Just thought I would let anyone who is interested know that the problem has been solved. This from the notes under unserialize on php.net:

When you serialize a variable using serialize(addslashes(variable)) before placing it into a MySql database, just use unserialize(variable) and not unserialize(stripslashes(variable)) when attempting to retrieve it.

The reason is that MySql will remove the slashes anyway when it stores the variable. All that happens when you strip slashes on the retrieved variable is that you are setting yourself up for a failed unserialize. Say you had r/3 as one of your entries and this becomes r3 after the strip slashes, unserialize will fail.

So: unserialize(variable) not unserialize(stripslashes(variable)) when
retrieving from MySql database.

I just took out the initial stripslashes and then stripslashed right before echoing out the $val.:

$answers = unserialize($test_array["answers"]);
foreach ($answers as $key => $val) {
  echo "\n<tr valign=\"top\"><td width=\"1%\"><input type=\"radio\" name=\"q[" . $test_array["question_num"] . "]\" value=\"" . $key . "\"";
  if ($HTTP_POST_VARS["q"]) {
    if ($key == $HTTP_POST_VARS["q"][$j]) {
      echo " checked";
    }
  }
  echo "></td><td width=\"1%\">" . $alphabet[$key] . ".</td><td>" . stripslashes($val) . "</td></tr>\n";
}