[eluser]monkster[/eluser]
[quote author="swanweb" date="1204254477"]Well if your serialize an array its not an array, its a string, so i would imagine that you will have to unserialize first[/quote]
Don't think I can run xss_clean through an array as it is. I was thinking, since I serialized the array, it's now a string that can be passed to xss_clean(). Question is, can xss_clean() do its job, since the string may look weird (cos it's been serialized?).