So I need to run a serialization and then htmlspecialchars w/ ENT_QUOTES to make it safe for both a url as well as linking to that url in HTML / javascript.
I’m having problems decoding when I add in the ENT_QUOTES portion…
htmlspecialchars(serialize($my_array), ENT_QUOTES);
unserialize(htmlspecialchars_decode($this->getRequest()->getParam("details"))); //first line is posted to new script
I’ve tried the decode with the ENT_QUOTES argument, as well as messed with htmlentities to no avail. I don’t think it’ll be necessary to provide the data within the array, just know that it has apostrophes.
And I think cpradio is right that urlencode() is probably more suited for urls - if you add serialized data to a url then most probably you pass it in the query string, in which case htmlspecialchars is not enough and the data will become corrupt on certain characters (this also applies if you use mod_rewrite so as to make nicer urls). htmlspecialchars is just a general escaping function for any data you put into html attributes and it does not cover escaping for urls.
Edit: even if you use base64_encode you need to escape the string with urlencode before putting it in the url, because base64-encoded data may contain special characters like +, / and = - you will then not be able to properly receive the data using $_GET. This eventually makes base64_encode not necessary for passing data via urls unless you want to add some visual obfuscation :).
Oh, I didn’t notice… But can you post some sample data and code that illustrates this doesn’t work? This is weird because I have tested this with data containing apostrophes and htmlspecialchars_decode works as expected.
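The layering discussed in the replies (urlencode() for the URL, then htmlspecialchars() for the HTML attribute), as an added example that is not code from any poster in this thread. The script name receive.php, the page parameter and the sample data are constructed; the browser and $_GET are simulated with html_entity_decode() and parse_str(); the allowed_classes option is an added hardening assumption.

```php
<?php
// Constructed sample data containing apostrophes, as in the question.
$my_array = ['name' => "O'Brien & Sons", 'note' => 'say "hi" + 50% = <ok>'];

// Sender, layer 1: urlencode() makes the serialized string safe as a query value.
// "page" is a hypothetical second parameter so the URL contains an "&".
$query = 'page=1&details=' . urlencode(serialize($my_array));

// Sender, layer 2: htmlspecialchars() makes the finished URL safe inside an
// HTML attribute. receive.php is a hypothetical script name.
$href = htmlspecialchars('receive.php?' . $query, ENT_QUOTES, 'UTF-8');
$html = '<a href="' . $href . '">details</a>';

// Browser (simulated): entities in the attribute value are decoded before
// the request is sent, so the server never sees "&amp;".
preg_match('/href="([^"]*)"/', $html, $m);
$requested = html_entity_decode($m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8');

// Receiver (simulated): parse_str() URL-decodes the query string the same
// way PHP does when it fills $_GET.
parse_str(parse_url($requested, PHP_URL_QUERY), $get);

// No htmlspecialchars_decode() here: both encoding layers are already undone.
// allowed_classes => false (added hardening) restricts request data to
// arrays and scalars, so it can never instantiate objects.
$details = unserialize($get['details'], ['allowed_classes' => false]);
var_dump($details === $my_array); // round-trip check

// The base64 point from the thread: the alphabet includes "+", "/" and "=",
// and an unescaped "+" in a query string is read back as a space.
// Constructed bytes whose base64 form is "+/++".
$b64 = base64_encode("\xfb\xff\xbe");
parse_str('details=' . $b64, $raw);                // value put in the URL as-is
parse_str('details=' . urlencode($b64), $escaped); // value escaped first
var_dump($raw['details'] === $b64, $escaped['details'] === $b64);
```

Each encoding layer is undone by the component that consumes it (the HTML parser, then PHP's query-string parser), which is why the receiving script calls unserialize() directly on the parameter.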