serialize() and $this->input->post('variable', TRUE);
#1

[eluser]monkster[/eluser]
Hi,

I understand that $this->input->post('variable', TRUE); will "run the data through the XSS filter".

Now, what if "variable" has been previously run through serialize(), will $this->input->post('variable', TRUE) still be able to do the XSS filtering properly?

Thanks.

Eric
#2

[eluser]Matthew Lanham[/eluser]
Well, if you serialize an array it's not an array, it's a string, so I would imagine that you will have to unserialize first.
#3

[eluser]monkster[/eluser]
So the way is to unserialize() and then run each element of the array through xss_clean() using a foreach loop?
#4

[eluser]monkster[/eluser]
[quote author="swanweb" date="1204254477"]Well, if you serialize an array it's not an array, it's a string, so I would imagine that you will have to unserialize first.[/quote]

Don't think I can run xss_clean through an array as it is. I was thinking, since I serialized the array, it's now a string that can be passed to xss_clean(). Question is, can xss_clean() do its job, since the string may look weird (cos it's been serialized?).
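
Added example, not part of the original thread and not CodeIgniter's own code: it shows what happens when a filter rewrites a serialized string in place, next to decoding first and filtering each element. `demo_filter()` and `clean_recursive()` are hypothetical helpers, with `demo_filter()` only standing in for `xss_clean()`, and the posted value is constructed sample data.

```php
<?php
// Hypothetical stand-in for xss_clean(); an assumption, not the real filter.
// Like any filter that rewrites markup, it can change the string's length.
function demo_filter(string $value): string
{
    return str_ireplace(['<script>', '</script>'], '[removed]', $value);
}

// Filter every string leaf of a decoded array (array keys are left untouched).
function clean_recursive($data)
{
    if (is_array($data)) {
        return array_map('clean_recursive', $data);
    }
    return is_string($data) ? demo_filter($data) : $data;
}

// Constructed sample input: an array that was serialized before being posted.
$posted = serialize(['name' => 'Eric', 'bio' => '<script>alert(1)</script>']);
echo $posted, PHP_EOL;

// 1) Filter the serialized string itself. The format stores each string's
//    byte length (s:25:"..."), so once the filter changes the content the
//    prefix no longer matches and unserialize() rejects the whole value.
$filtered_string = demo_filter($posted);
echo $filtered_string, PHP_EOL;
$broken = @unserialize($filtered_string, ['allowed_classes' => false]);
var_dump($broken);

// 2) Decode first, then filter each element.
//    allowed_classes => false stops client-supplied data from
//    instantiating objects during decoding.
$decoded = unserialize($posted, ['allowed_classes' => false]);
$clean = is_array($decoded) ? clean_recursive($decoded) : [];
print_r($clean);
```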



