Discussion:
save $_GLOBALS to a database field
Ramiro Barrantes
2013-11-14 21:40:23 UTC
Permalink
Hello,

I would like to record, on a database, the global variables $_POST and $_SERVER for each action that the user does that involves a modification of the database. I am just saving, say $_POST or $_SERVER (and others), as a string and putting it in a field on the database.

However, when I try to get the info out of the database and access it as an XML (using the DOMDocument library) it becomes a pain to handle due to all the special characters (I think, as I haven't been able to get it to work), for example:

Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0

(I seem to need to replace all the "/"s)

It's a pain, and I would like not to have to replace special characters with preg_replace if possible.

Any suggestions? I have been having a lot of trouble with this.

Thanks in advance,

Ramiro
Ashley Sheridan
2013-11-14 21:58:11 UTC
Permalink
Post by Ramiro Barrantes
Hello,
I would like to record, on a database, the global variables $_POST and
$_SERVER for each action that the user does that involves a
modification of the database. I am just saving, say $_POST or
$_SERVER (and others), as a string and putting it in a field on the
database.
However, when I try to get the info out of the database and access it
as an XML (using the DOMDocument library) it becomes a pain to handle
due to all the special characters (I think, as I haven't been able to
Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0
(I seem to need to replace all the "/"s)
It's a pain, and I would like not to have to replace special characters
with preg_replace if possible.
Any suggestions? I have been having a lot of trouble with this.
Thanks in advance,
Ramiro
Why are you converting the arrays into xml at all? Serialise the data instead, xml is unnecessary here and will cause you problems as you've found.

Thanks,
Ash
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Shawn McKenzie
2013-11-14 22:38:39 UTC
Permalink
If you are for example saving the entire $_POST array in a text field of
your DB, then just serailize() it or json_encode() it and run it through
the appropriate real_escape_string() function if you're not using prepared
statements or other custom escaping.


On Thu, Nov 14, 2013 at 3:40 PM, Ramiro Barrantes <
Post by Ramiro Barrantes
Hello,
I would like to record, on a database, the global variables $_POST and
$_SERVER for each action that the user does that involves a modification of
the database. I am just saving, say $_POST or $_SERVER (and others), as a
string and putting it in a field on the database.
However, when I try to get the info out of the database and access it as
an XML (using the DOMDocument library) it becomes a pain to handle due to
all the special characters (I think, as I haven't been able to get it to
Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0
(I seem to need to replace all the "/"s)
It's a pain, and I would like not to have to replace special characters
with preg_replace if possible.
Any suggestions? I have been having a lot of trouble with this.
Thanks in advance,
Ramiro
m***@behnke.biz
2013-11-15 08:39:05 UTC
Permalink
For several reasons I would also vote for json_encode over serialize. Serialize
is very sensitive when it comes to modifications on the serialized string. Use
json instead.

Current versions of database systems also support json as column type
Post by Shawn McKenzie
If you are for example saving the entire $_POST array in a text field of
your DB, then just serailize() it or json_encode() it and run it through
the appropriate real_escape_string() function if you're not using prepared
statements or other custom escaping.
On Thu, Nov 14, 2013 at 3:40 PM, Ramiro Barrantes <
Post by Ramiro Barrantes
Hello,
I would like to record, on a database, the global variables $_POST and
$_SERVER for each action that the user does that involves a modification of
the database.   I am just saving, say $_POST or $_SERVER (and others), as a
string and putting it in a field on the database.
However, when I try to get the info out of the database and access it as
an XML (using the DOMDocument library) it becomes a pain to handle due to
all the special characters (I think, as I haven't been able to get it to
Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0
(I seem to need to replace all the "/"s)
It's a pain, and I would like not to have to replace special characters
with preg_replace if possible.
Any suggestions?  I have been having a lot of trouble with this.
Thanks in advance,
Ramiro
--
Marco Behnke
Dipl. Informatiker (FH), SAE Audio Engineer Diploma
Zend Certified Engineer PHP 5.3

Tel.: 0174 / 9722336
e-Mail: ***@behnke.biz

Softwaretechnik Behnke
Heinrich-Heine-Str. 7D
21218 Seevetal

http://www.behnke.biz
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Tamara Temple
2013-11-16 01:52:11 UTC
Permalink
Or run it through base64_encode after json_encode, never have to worry about quotes and things.
Post by Shawn McKenzie
If you are for example saving the entire $_POST array in a text field of
your DB, then just serailize() it or json_encode() it and run it through
the appropriate real_escape_string() function if you're not using prepared
statements or other custom escaping.
On Thu, Nov 14, 2013 at 3:40 PM, Ramiro Barrantes <
Post by Ramiro Barrantes
Hello,
I would like to record, on a database, the global variables $_POST and
$_SERVER for each action that the user does that involves a modification of
the database. I am just saving, say $_POST or $_SERVER (and others), as a
string and putting it in a field on the database.
However, when I try to get the info out of the database and access it as
an XML (using the DOMDocument library) it becomes a pain to handle due to
all the special characters (I think, as I haven't been able to get it to
Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0
(I seem to need to replace all the "/"s)
It's a pain, and I would like not to have to replace special characters
with preg_replace if possible.
Any suggestions? I have been having a lot of trouble with this.
Thanks in advance,
Ramiro
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Robert Cummings
2013-11-16 02:38:31 UTC
Permalink
You have other problems if you think base64_encode is the solution to
the hassle of escaping your query properly.

Cheers,
Rob.
Post by Tamara Temple
Or run it through base64_encode after json_encode, never have to worry about quotes and things.
Post by Shawn McKenzie
If you are for example saving the entire $_POST array in a text field of
your DB, then just serailize() it or json_encode() it and run it through
the appropriate real_escape_string() function if you're not using prepared
statements or other custom escaping.
On Thu, Nov 14, 2013 at 3:40 PM, Ramiro Barrantes <
Post by Ramiro Barrantes
Hello,
I would like to record, on a database, the global variables $_POST and
$_SERVER for each action that the user does that involves a modification of
the database. I am just saving, say $_POST or $_SERVER (and others), as a
string and putting it in a field on the database.
However, when I try to get the info out of the database and access it as
an XML (using the DOMDocument library) it becomes a pain to handle due to
all the special characters (I think, as I haven't been able to get it to
Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0
(I seem to need to replace all the "/"s)
It's a pain, and I would like not to have to replace special characters
with preg_replace if possible.
Any suggestions? I have been having a lot of trouble with this.
Thanks in advance,
Ramiro
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Tamara Temple
2013-11-18 03:11:50 UTC
Permalink
ANd this wasn’t a query. It was insertion of raw data.
You have other problems if you think base64_encode is the solution to the hassle of escaping your query properly.
Cheers,
Rob.
Post by Tamara Temple
Or run it through base64_encode after json_encode, never have to worry about quotes and things.
Post by Shawn McKenzie
If you are for example saving the entire $_POST array in a text field of
your DB, then just serailize() it or json_encode() it and run it through
the appropriate real_escape_string() function if you're not using prepared
statements or other custom escaping.
On Thu, Nov 14, 2013 at 3:40 PM, Ramiro Barrantes <
Post by Ramiro Barrantes
Hello,
I would like to record, on a database, the global variables $_POST and
$_SERVER for each action that the user does that involves a modification of
the database. I am just saving, say $_POST or $_SERVER (and others), as a
string and putting it in a field on the database.
However, when I try to get the info out of the database and access it as
an XML (using the DOMDocument library) it becomes a pain to handle due to
all the special characters (I think, as I haven't been able to get it to
Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0
(I seem to need to replace all the "/"s)
It's a pain, and I would like not to have to replace special characters
with preg_replace if possible.
Any suggestions? I have been having a lot of trouble with this.
Thanks in advance,
Ramiro
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
m***@behnke.biz
2013-11-17 22:02:25 UTC
Permalink
There is no need for escaping if you use prepared statements, which everyone
should do.
Post by Tamara Temple
Or run it through base64_encode after json_encode, never have to worry about
quotes and things.
Post by Shawn McKenzie
If you are for example saving the entire $_POST array in a text field of
your DB, then just serailize() it or json_encode() it and run it through
the appropriate real_escape_string() function if you're not using prepared
statements or other custom escaping.
On Thu, Nov 14, 2013 at 3:40 PM, Ramiro Barrantes <
Post by Ramiro Barrantes
Hello,
I would like to record, on a database, the global variables $_POST and
$_SERVER for each action that the user does that involves a modification of
the database.   I am just saving, say $_POST or $_SERVER (and others), as a
string and putting it in a field on the database.
However, when I try to get the info out of the database and access it as
an XML (using the DOMDocument library) it becomes a pain to handle due to
all the special characters (I think, as I haven't been able to get it to
Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0
(I seem to need to replace all the "/"s)
It's a pain, and I would like not to have to replace special characters
with preg_replace if possible.
Any suggestions?  I have been having a lot of trouble with this.
Thanks in advance,
Ramiro
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Marco Behnke
Dipl. Informatiker (FH), SAE Audio Engineer Diploma
Zend Certified Engineer PHP 5.3

Tel.: 0174 / 9722336
e-Mail: ***@behnke.biz

Softwaretechnik Behnke
Heinrich-Heine-Str. 7D
21218 Seevetal

http://www.behnke.biz
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Continue reading on narkive:
Loading...