[development] db_query and serialized arrays

Peter Wolanin pwolanin at gmail.com
Mon Sep 3 18:57:32 UTC 2007

Are you using a '%s' placeholder in your query?  That should run the
serialized string through the proper escaping function.  Drupal stores
to the DB serialized arrays in many places, so this certainly works.


On 9/3/07, William Smith <william.darren at gmail.com> wrote:
> Hi all -
> I have an sql query that needs to insert a serialized array as one of the
> columns.  However, the serialized data never makes it properly into the DB,
> I think because db_query strips out the curly braces.  Take the following
> serialized associative array:
> 'a:2:{s:10:"Cardiology";s:10:"Cardiology";s:11:"Dermatology";s:11:"Dermatology";}'
> This ends up being stored as
> 'a:2:s:10:"Cardiology";s:10:"Cardiology";s:11:Dermatology";s:11:Dermatology";'
> (no curly braces), and I am therefore unable to unserialize() it.
> What is the way around this, other than fudging it and taking my result as a
> string and manually pushing the curly braces into place before attempting to
> unserialize?
> Thanks,
> William

More information about the development mailing list