[Phpmyadmin-devel] unserialize in user preferences

Marc Delisle marc at infomarc.info
Wed Feb 9 11:31:19 CET 2011

Le 2011-02-09 05:28, Michal Čihař a écrit :
> Hi all
> while looking at user preferences I've noticed that it uses
> serialize/unserialize for storing the data in database. As this
> functions is quite famous in terms of security, I think we
> should avoid this.
> Any reason for not using json encoding there instead? It encodes just
> the data and would not possibly call PHP code as unserialize could do
> because of objects with __wakeup() methods.

It's also used in PHPExcel, TCPDF and tracking feature.

Marc Delisle

More information about the Developers mailing list