1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
Will tell you the number of characters in a string, no the number of bytes. The example here will only work if the characters in the string are all single byte (i.e. if you may have problems with UTF-8), because PHP's unserialize(), like most PHP string functions, regard 1 char = 1 byte.
ATTENTION to security considerations. Aside from the multibyte charcters problem mentioned above, there is a serious vulnerabilty involved in having the PHP server automatically unserializing strings received from the net: if the serialized string contains php object definitions, the PHP engine will call the magic '__wakeup()' function of the given class.
This means that the client is in fact deciding which php code runs on the server, and opens the door to code injection attacks.
So make sure the php string is properly validated before unserializing it on the server!
For more details see eg: http://ilia.ws/archives/107-Another-unserialize-abuse.html
PS: other libs abound that carry out the js-to-php serialization magic, not only on js arrays but on all datatypes, eg: http://sourceforge.net/projects/jpspan
It can serialize/unserialize N,b,i,d,s,U,r,R,a,O,C.
It is included in PHPRPC: http://sourceforge.net/projects/php-rpc/
@#4 -- Thanks for sharing the good ship!
forgive my ignorance, but off-the-top-of-my-head, I'm stumped on what "N,b,i,d,s,U,r,R,a,O,C" is meant to communicate, so i'm curious. Anyone know?
You can use json_encode() in PHP 5.2.0 and higher, to achieve something similar. http://us3.php.net/manual/en/function.json-encode.php