Always use mysql_real_escape_string when dealing with strings that may have quotation marks / slashes. If you do not, you will receive hacked / malicious requests. The output of serialize() sometimes has quotes / slashes, so you should use it. However, there is no need to serialize each element of the array in advance.
    $details['name'] = $_POST['name'];
    $details['email'] = $_POST['email'];
    $details['phone'] = $_POST['phone'];
    // Serialize the whole array once, then escape the result for use in the query.
    $serializedDetails = mysql_real_escape_string(serialize($details));
As an example: serializing "hello" will give you: s:5:"hello".
    $data = 's:5:"hello"';
    $query = 'INSERT INTO tbl (data) VALUES ("' . $data . '")';
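An added example, not part of the original answer: it shows where the quotes produced by serialize() close the string literal in the unescaped query above, then stores the same value through a bound parameter. The mysql_* extension was removed in PHP 7.0, so this sketch swaps in a PDO prepared statement in place of mysql_real_escape_string; the in-memory SQLite database, the id column and the sample values are assumptions made so that it runs offline.

```php
<?php
// Added example. Sample values are constructed; tbl/data follow the answer's query.
$details = [
    'name'  => 'Pat "Paddy" O\'Neil',
    'email' => 'pat@example.com',
    'phone' => '555-0100',
];
$serialized = serialize($details);

// The unescaped form from the answer: the first " inside the serialized data
// ends the SQL string literal, and the rest is parsed as SQL.
$naive = 'INSERT INTO tbl (data) VALUES ("' . $serialized . '")';
$literalStart = strpos($naive, '("') + 2;
$literalEnd   = strpos($naive, '"', $literalStart);
echo "Literal closes early here: ", substr($naive, 0, $literalEnd + 1), "\n";

// Assumption: pdo_sqlite is available; any PDO driver binds parameters the same way.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl (id INTEGER PRIMARY KEY, data TEXT NOT NULL)');

// Bound parameter: the value is passed as data and never spliced into the SQL text,
// so quotes and slashes in it need no escaping.
$stmt = $pdo->prepare('INSERT INTO tbl (data) VALUES (:data)');
$stmt->execute([':data' => $serialized]);

$stored = $pdo->query('SELECT data FROM tbl WHERE id = 1')->fetchColumn();

// allowed_classes => false keeps unserialize() from instantiating objects
// out of whatever ends up in the column.
$roundTrip = unserialize($stored, ['allowed_classes' => false]);

echo "Stored value is byte-identical: ";
var_dump($stored === $serialized);
echo "Array survives the round trip: ";
var_dump($roundTrip === $details);
```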