I've made a test script to try putting a serialized object into an SQL database, and then pulling it back out. The object is first stored serialized into a session variable, unserialized and displayed in a form, re-serialized and sent via session to another form, where it is put, serialized, into a hidden control that form. Then it is sent by POST to this script, which stores, then gets, the object from an sql database.

Here is where it is stored into the DB. (The ObjectString is coming from a hidden control on another page, it is the serialized string of the object)

$conn = new mysqli("localhost", "root", "----", "test");
	$query = "INSERT INTO object (Object) VALUES ('{$_POST['ObjectString']}')";
	$result = $conn->query($query);

Here is where it is pulled from the DB:

	$query = "SELECT * FROM object";
	$result = $conn->query($query);

$row_data = $result->fetch_array(1);
$obj = unserialize($row_data['Object']);
echo "phone" . $obj->phone;

When I try and run this, it gives me two errors:

Notice: unserialize() [function.unserialize]: Error at offset 0 of 4 bytes in ...

Notice: Trying to get property of non-object in ... on line 32

The second is of course because the object is not being unserialized.

Any ideas why this is happening? My SQL table only has one column, named Object, and is a text data type.

Any responses would be greatly appreciated!

...unserialized and displayed in a form...

Huh? What is there to display? Are you by any chance actually displaying the output of its __toString() "magic" method, which when submitted and then serialized would have nothing to do with the serialization of an actual object (as far as I know)?

PS: Another issue of note is that before you can unserialize an object you must first load its class definition(s).

I mean I'm accessing the object properties and displaying them in text boxes.

ie,

<input type="text" name="Phone" value="{Object->Phone}">

That part works fine, the problem only occurs when I try and pull it out of the database, so that I think is unrelated, unless it loses something in transmission via post when I put the serialized object into a form, like this:

<?php
$object = $_SESSION['Object']

echo <<<EOM

<input type="hidden" name="ObjectString" value="$object">

EOM;
php?>

That hidden value is sent to another page by post, and there it is stored in an SQL datbase, retrieved, and when I try to unserialize THAT string back into the origional object, the error occurs.

I do have the class definition everywhere that the object is unserialized.

First thing that comes to mind is, if it's already stored in the session data, why try to also send it as a hidden form field? Seems like an unnecessary use of bandwidth, unless I'm missing something, plus then it would avoid any problems occurring during the transmission to and from the client.

Assuming you have a good reason, only other thing I can think of would be if you have magic_quotes_gpc enabled and it's mucking up the string with back-slashes you would then need to strip out (though it would be better to just turn off magic_quotes_gpc if possible).

PS: Should you discover that you do not, in fact, need to put this object into the form field, note that if you save an object to $_SESSION it is automatically serialized, so you would not need to serialize it for that purpose; though that does mean you have to load the class definition before you do your session_start(), then.

This whole script is just me trying out the serialize/unserialize functions, and how the data is transmitted in general. It's an experiment, so it doesn't have a practical application. I understand that I could very easily use a session to store the object, but I want to see if it's possible to send via post, in case that comes up for whatever reason.

Thank's for the idea about backslashes, I'll try that.

I was more curious about what this error means, it's referring to the line where I try to unserialize the string from the SQL database. Have you ever come across it before? (I tried searching these forums, but nothing applied to my situation)

I've not come across it, but I've really not had reason to use serialize, yet. It might be informative to do a var_dump() of the serialized variable at different points in the code when it's created, retrieved, etc. and see if/when it changes. From the error message, it would appear that the very first character (offset 0) is being affected at some point, so it sounds like you might not have to read too far into the string.

You see I was having trouble with that too. But in this case I was sending serialized data from a checkbox form field to the next page so that I can edit the data in a text box form on the next page. It wouldn't work at all at first then I found out slashes were being added to the serialized data I fixed that by using stripslashes on the serialized string. I though that was it and that part did work. But another problem I found was if you send data from one form to another page that contains daa with newlines in it. On the next page I that any variables with multiple lines will get a pesky \n character added and that was the whole issue. Everything unserializes fine now.

Here is a sample code of how I fixed up my issue, might just fix your issue too

$string = stripslashes($_POST['id'][0]);
$string = str_replace("\n","",$string);
$data = unserialize($string)

Hey,

got the same problem as you.

In my case there were german umlauts. In order to fix this problem I used utf8_decode and encode

$string = utf8_encode($string);
$string= unserialize($string);
$string= utf8_decode($string);

Hope it helps.

Cheers,
Matthias
from eCommerce München