ID: 14235
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
-Status: Open
+Status: Closed
Bug Type: *Languages/Translation
Operating System: linux
PHP Version: 4.0.6
New Comment:

This bug has already been fixed in the latest released version of PHP,
which you can download at http://www.php.net/downloads.php

This was fixed in 4.1.x with the switch to a non-sprintf-based serialize
implementation.

Previous Comments:
------------------------------------------------------------------------

[2001-11-26 10:36:49] [EMAIL PROTECTED]

The following script

<?php
$a = 3.14;
echo "<pre>$a type " . gettype($a);

// Remember the current locale, then switch to one with a decimal comma.
$olc = setlocale(LC_ALL, 0);
setlocale(LC_ALL, 'de_DE');
echo "\n$a type " . gettype($a);

// Serialize while the German locale is active.
$ser = serialize($a);
echo "\nSER: #$ser#\n";

// Restore the original locale and read the value back.
setlocale(LC_ALL, $olc);
$b = unserialize($ser);
echo "$b type " . gettype($b);
?>

.... produces this output:

3.14 type double
3,14 type double
SER: #d:3,14;#
3 type double

This type of error can happen in cases where a localized user frontend
stores some vars, for example in a database via serialize, and another
program (e.g. a background process, which doesn't need to be localized)
reads it. In those cases, the result is not correct (=error).

The problem is that this is not obvious, because a "normal" programmer
trusts serialize(), because the documentation says "serialize() returns a
string containing a byte-stream representation of value that can be stored
anywhere." In other words: you can trust serialize, that it can always be
unserialized.

Opportunities to solve the problem:
- serialize() stores the vars language independent (always use '.').
- unserialize() reads double vars either with '.' or ','.
- both
- unserialize() checks if the serialized string and the resulting type are
  identical; if not, it returns with an error.
- Big hint in docs

Maybe it's a good idea to check (un)serialize in general for similar
errors.

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=14235&edit=1
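
Added example (not part of the original report and not PHP's own code): a scanner for stored serialize() payloads that reports doubles written with a decimal comma, such as the "d:3,14;" shown in the report, so data written by an affected version can be found before a non-localized reader truncates it. The function name find_comma_doubles and the sample payload are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Returns [offset, token] for every double written with a decimal comma.
// Strings are skipped by their length prefix, so text that merely contains
// "d:3,14;" is not reported.
// Assumption: the payload holds only N, b, i, d, s, a, O, r and R items.
function find_comma_doubles(string $data): array
{
    $hits = [];
    $pos = 0;
    $len = strlen($data);
    while ($pos < $len) {
        $type = $data[$pos];
        if ($type === '}') {                    // end of an array/object body
            $pos++;
        } elseif ($type === 'N') {              // N;
            $pos += 2;
        } elseif ($type === 's') {              // s:<len>:"<bytes>";
            $colon = strpos($data, ':', $pos + 2);
            if ($colon === false) {
                throw new UnexpectedValueException("truncated string at $pos");
            }
            $n = (int) substr($data, $pos + 2, $colon - $pos - 2);
            $pos = $colon + $n + 4;             // skip :"<bytes>";
        } elseif ($type === 'a' || $type === 'O') {
            $brace = strpos($data, '{', $pos);  // a:<n>:{ or O:<len>:"<class>":<n>:{
            if ($brace === false) {
                throw new UnexpectedValueException("truncated container at $pos");
            }
            $pos = $brace + 1;
        } elseif (strpos('bidrR', $type) !== false) {
            $semi = strpos($data, ';', $pos);   // scalar or reference token
            if ($semi === false) {
                throw new UnexpectedValueException("truncated scalar at $pos");
            }
            $token = substr($data, $pos, $semi - $pos);
            if ($type === 'd' && strpos($token, ',') !== false) {
                $hits[] = ['offset' => $pos, 'token' => $token];
            }
            $pos = $semi + 1;
        } else {
            throw new UnexpectedValueException("unsupported type '$type' at $pos");
        }
    }
    return $hits;
}

// Constructed sample: one damaged double, plus a string with the same bytes.
$sample = 'a:3:{s:5:"price";d:3,14;s:4:"note";s:7:"d:3,14;";s:3:"qty";i:2;}';
foreach (find_comma_doubles($sample) as $hit) {
    echo "offset {$hit['offset']}: {$hit['token']}\n";
}
```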
