I have some problem regarding serialize() and unserialize() .
I am writing a function for Wordpress, the function is actually a settings page and I am trying to export and import the array of the settings using two input fields.
The code (and page) is a bit long , so I post it HERE ON PASTEBIN , which is a bit more comfortable .
The problem that I have though, is that wordpress saves the options (or settings ) using the settings API as a serialized array.
The function I have can successful show the options like :
a:10:{s:24:"brsa_copyright_meta_text";s:0:"";s:25:"brsa_remove_menu_css_list";s:0:"";s:19:"brsa_remove_submenu";s:0:"";s:21:"brsa_remove_menu_list";s:0:"";s:15:"brsa_footer_txt";s:0:"";s:22:"brsa_dash_wdgt_content";s:0:"";s:36:"brsa_add_custom_login_message_string";s:0:"";s:21:"brsa_login_url_string";s:0:"";s:21:"brsa_login_alt_string";s:0:"";s:14:"brsa_login_img";s:0:"";}
which is ok . it is serialized , but when I try to insert it to the DB (or show it on the other field by pressing the import button) it actually being escaped i think, and in any way , it does not insert to the DB as serialized , but as a string ..
a:10:{s:24:\"brsa_copyright_meta_text\";s:0:\"\";s:25:\"brsa_remove_menu_css_list\";s:0:\"\";s:19:\"brsa_remove_submenu\";s:0:\"\";s:21:\"brsa_remove_menu_list\";s:0:\"\";s:15:\"brsa_footer_txt\";s:0:\"\";s:22:\"brsa_dash_wdgt_content\";s:0:\"\";s:36:\"brsa_add_custom_login_message_string\";s:0:\"\";s:21:\"brsa_login_url_string\";s:0:\"\";s:21:\"brsa_login_alt_string\";s:0:\"\";s:14:\"brsa_login_img\";s:0:\"\";}
..Making the whole code unusable. The relative part of the code is this :
$my_options = get_option( 'o99_brsa_settings' );
$currentsettings = "";
if ( isset( $_POST['import'] ) && trim($_POST['exccc']) != "" ) {
$currentsettings = $_POST['exccc'];
update_option( 'o99_brsa_settings', serialize($currentsettings));
} elseif ( isset( $my_options ) && ( $my_options != "" ) ) {
if ($o99_brsa_options['brsa_keep_settings_exp'] !='') {
$currentsettings = $o99_brsa_options['brsa_keep_settings_exp'];
} else {
$currentsettings = serialize( $my_options );
}
}
Although I do believe that the -- whole code -- should be seen in order to understand how it should work..
Except for the fac that it does not work, I am not quite sure in anything as to what is the problem, but first I would like to know why is the value being /escaped/ and how to prevent it ?
Any other help would also be greatly appreciated ..
Your server might have magic_quotes enabled. Ask your administrator to disabled it.