Safe Unserialization


As you might have heard about the unserialization exploit, PHP 7 has overcome this issue, but since it hasn't been released yet, I was looking for an alternate way to implement the same in unserialization.

Can someone please help me with the same?

Well, that's rather vague. What precisely are you unserializing? What are you expecting it to be when you're done? Why are you unserializing at all?

I am serializing user data and then saving it in the DB; when retrieving the data I am unserializing it and then rendering it.

Why do you use this ugly default PHP serialization at all?
There exist much more human-readable, compact and portable formats, like YAML and JSON.

Bro, I am looking for a solution regarding unserialization and not an alternate :frowning:

There is so much wrong with doing that I don’t really know where to start except to suggest that you look up what normalizing a database means.


This is akin to saying "I'm looking for a way to make toast using an engine block, I'm not interested in a toaster."

The way to secure deserialization is to secure the serialization in the first place. As the saying goes, Garbage In, Garbage Out.
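
The posts above describe the setup (user data serialized into a DB row and unserialized on read) and the principle (secure what goes in, so what comes out is trustworthy). The following is an added example, not code from anyone in this thread: it stores only plain arrays, tags the serialized bytes with an HMAC so a row altered in the database is rejected before `unserialize()` ever runs, and refuses any object token in the payload, which is the pre-PHP-7 stand-in for `allowed_classes` that the original question asks about. The function names, the blob layout and `$secret` are assumptions for the example; the secret should come from configuration, not source code.

```php
<?php
// Added example (not from the thread). Two independent layers:
//  1. Integrity: HMAC over the serialized bytes. A row edited directly in the
//     DB fails verification and never reaches unserialize().
//  2. Containment: object tokens (O:/C:) are rejected up front, and on PHP 7+
//     unserialize() additionally runs with allowed_classes => false.
// No type hints are used so the code also runs on PHP 5.6 (hash_equals needs 5.6).

function assert_plain_data($value)
{
    // Accept only scalars, null, and (nested) arrays of those for storage.
    if (is_array($value)) {
        foreach ($value as $v) {
            assert_plain_data($v);
        }
        return;
    }
    if ($value !== null && !is_scalar($value)) {
        throw new InvalidArgumentException('only scalars and arrays may be stored');
    }
}

function store_user_data(array $data, $secret)
{
    assert_plain_data($data);
    $payload = serialize($data);
    $mac = hash_hmac('sha256', $payload, $secret); // 64 hex characters
    // Blob layout (assumed for this example): <hex mac>.<serialized payload>
    return $mac . '.' . $payload;
}

function load_user_data($blob, $secret)
{
    if (strlen($blob) < 66 || $blob[64] !== '.') {
        throw new RuntimeException('malformed stored blob');
    }
    $mac = substr($blob, 0, 64);
    $payload = substr($blob, 65);

    // Constant-time comparison so the check itself does not leak the MAC.
    if (!hash_equals(hash_hmac('sha256', $payload, $secret), $mac)) {
        throw new RuntimeException('integrity check failed; refusing to unserialize');
    }

    // Reject any object token before unserialize() sees it. In the serialize()
    // format a value starts at the beginning of the string or right after ';' or '{',
    // so this catches O:/C: tokens in value position. This is the only containment
    // available on PHP < 7; on 7+ it backs up allowed_classes => false.
    if (preg_match('/(^|[;{])[OC]:\d+:"/', $payload)) {
        throw new RuntimeException('object token in payload; refusing to unserialize');
    }

    if (PHP_VERSION_ID >= 70000) {
        $value = unserialize($payload, array('allowed_classes' => false));
    } else {
        $value = unserialize($payload);
    }

    if (!is_array($value)) {
        throw new RuntimeException('stored value is not an array');
    }
    assert_plain_data($value);
    return $value;
}

// Usage with constructed sample data (the secret here is a placeholder).
$secret = 'replace-with-a-random-secret-from-config';
$row = store_user_data(array('name' => 'alice', 'prefs' => array('theme' => 'dark')), $secret);
$data = load_user_data($row, $secret);
echo $data['prefs']['theme'], "\n";

// A row whose payload was altered in the database fails the integrity check
// and is never handed to unserialize().
$tampered = substr($row, 0, 65) . str_replace('alice', 'mallory', substr($row, 65));
try {
    load_user_data($tampered, $secret);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

The order of the checks is deliberate: the MAC is verified first, so `unserialize()` only ever runs on bytes the application itself produced, and the object-token filter plus `allowed_classes => false` only matter if the secret has leaked or legacy unsigned rows are still being read. Where the stored data is plain arrays anyway, `json_encode()`/`json_decode($s, true)` removes the object-instantiation problem entirely, as suggested earlier in the thread.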

OK, how do I secure the serialization?
