Fix serialized data broken due to editing MySQL database in a text editor?

Background: I downloaded a *.sql backup of my WordPress site’s database, and replaced all instances of the old database table prefix with a new one (e.g. from the default wp_ to something like asdfghjkl_).

I’ve just learnt that WordPress uses serialized PHP strings in the database, and what I did will have messed with the integrity of the serialized string lengths.

Read More

The thing is, I deleted the backup file just before I learnt about this (as my website was still functioning fine), and installed a number of plugins since. So, there’s no way I can revert back, and I therefore would like to know two things:

  1. How can I fix this, if at all possible?

  2. What kind of problems could this cause?

(This article states that, a WordPress blog for instance, could lose its settings and widgets. But this doesn’t seem to have happened to me as all the settings for my blog are still intact. But I have no clue as to what could be broken on the inside, or what issues it’d pose in the future. Hence this question.)

Related posts

Leave a Reply

6 comments

  1. Visit this page: http://unserialize.onlinephpfunctions.com/

    On that page you should see this sample serialized string: a:1:{s:4:"Test";s:17:"unserialize here!";}. Take a piece of it– s:4:"Test";. That means “string”, 4 characters, then the actual string. I am pretty sure that what you did caused the numeric character count to be out of sync with the string. Play with the tool on the site mentioned above and you will see that you get an error if you change “Test” to “Tes”, for example.

    What you need to do is get those character counts to match your new string. If you haven’t corrupted any of the other encoding– removed a colon or something– that should fix the problem.

  2. I came to this same problem after trying to change the domain from localhost to the real URL. After some searching I found the answer in WordPress documentation:

    https://codex.wordpress.org/Moving_WordPress

    I will quote what is written there:

    To avoid that serialization issue, you have three options:

    • Use the Better Search Replace or Velvet Blues Update URLs plugins if you can > access your Dashboard.
    • Use WP-CLI’s search-replace if your hosting provider (or you) have installed WP-CLI.
    • Run a search and replace query manually on your database. Note: Only perform a search and replace on the wp_posts table.

    I ended up using WP-CLI which is able to replace things in the database without breaking serialization: http://wp-cli.org/commands/search-replace/

  3. I know this is an old question, but better late than never, I suppose. I ran into this problem recently, after inheriting a database that had had a find/replace executed on serialized data. After many hours of researching, I discovered that this was because the string counts were off. Unfortunately, there was so much data with lots of escaping and newlines and I didn’t know how to count in some cases and I had so much data that I needed something automated.

    Along the way, I stumbled across this question and Benubird’s post helped put me on the right path. His example code did not work in production use on complex data, containing numerous special characters and HTML, with very deep levels of nesting, and it did not properly handle certain escaped characters and encoding. So I modified it a bit and spent countless hours working through additional bugs to get my version to “fix” the serialized data.

    // do some DB query here
    while($res = db_fetch($qry)){
        $str = $res->data;
        $sCount=1; // don't try to count manually, which can be inaccurate; let serialize do its thing
        $newstring = unserialize($str);
        if(!$newstring) {
            preg_match_all('/s:([0-9]+):"(.*?)"(?=;)/su',$str,$m);
    #           preg_match_all("/s:([0-9]+):("[^"\\]*(?:\\.[^"\\]*)*")(?=;)/u",$str,$m); // alternate: almost works but leave quotes in $m[2] output
    #           print_r($m); exit;
            foreach($m[1] as $k => $len) {
                /*** Possibly specific to my case: Spyropress Builder in WordPress ***/
                $m_clean = str_replace('"','"',$m[2][$k]); // convert escaped double quotes so that HTML will render properly
                // if newline is present, it will output directly in the HTML
                // nl2br won't work here (must find literally; not with double quotes!)
                $m_clean = str_replace('n', '<br />', $m_clean); 
                $m_clean = nl2br($m_clean);  // but we DO need to convert actual newlines also
                /*********************************************************************/
                if($sCount){
                    $m_new = $m[0][$k].';'; // we must account for the missing semi-colon not captured in regex!
                    // NOTE: If we don't flush the buffers, things like <img src="http://whatever" can be replaced with <img src="//whatever" and break the serialize count!!!                  
                    ob_end_flush(); // not sure why this is necessary but cost me 5 hours!!
                    $m_ser = serialize($m_clean);
                    if($m_new != $m_ser) {
                        print "Replacing: $m_newn";
                        print "With: $m_sern";
                        $str = str_replace($m_new, $m_ser, $str);
                    }
                }
                else{
                    $m_len = (strlen($m[2][$k]) - substr_count($m[2][$k],'n'));
                    if($len != $m_len) {
                        $newstr='s:'.$m_len.':"'.$m[2][$k].'"';
                        echo "Replacing: {$m[0][$k]}n";
                        echo "With: $newstrnn";
                        $str = str_replace($m_new, $newstr, $str);
                    }
                }
            }
            print_r($str); // this is your FIXED serialized data!! Yay!
        }
    }
    

    A little geeky explanation on my changes:

    • I found that trying to count with Benubird’s code as a base was too inaccurate for large datasets, so I ended up just using serialize to be sure the count was accurate.
    • I avoided the try/catch because, in my case, the try would succeed but just returned an empty string. So, I check for empty data instead.
    • I tried numerous regex’s but only a mod on Benubird’s would accurately handle all cases. Specifically, I had to modify the part that checked for the “;” because it would match on CSS like “width:100%; height:25px;” and broke the output. So, I used a positive lookahead to only match when the “;” was outside of the set of double quotes.
    • My case had lots of newlines, HTML, and escaped double quotes, so I had to add a block to clean that up.
    • There were a couple of weird situations where data would be replaced incorrectly by the regex and then the serialize would count it incorrectly as well. I found NOTHING on any sites to help with this and finally thought it might be related to caching or something like that and tried flushing the output buffer (ob_end_flush()), which worked, thank goodness!

    Hope this helps someone… Took me almost 20 hours including the research and dealing with weird issues! 🙂

  4. This script (https://interconnectit.com/products/search-and-replace-for-wordpress-databases/) can help to update an sql database with proper URLs everywhere, without encountering serialized data issues, because it will update the “characters count” that could throw your URLs out of sync whenever serialized data occurs.

    The steps would be:

    1. if you already have imported a messed up database (widgets not
      working, theme options not there, etc), just drop that database
      using PhpMyAdmin. That is, remove everything on it. Then export and
      have at hand an un-edited dump of the old database.

    2. Now you have to import the (un-edited) old database into the
      newly created one. You can do this via an import, or copying over
      the db from PhpMyAdmin. Notice that so far, we haven’t done any
      search and replace yet; we just have an old database content and
      structure into a new database with its own user and password. Your site will be probably unaccessible at this point.

    3. Make sure you have your WordPress files freshly uploaded to the
      proper folder on the server, and edit your wp-config.php to make it
      connect with the new database.
    4. Upload the script into a “secret” folder – just for security
      reasons – at the same level than wp-admin, wp-content, and wp-includes. Do not forget to remove it all once the search and
      replace have taken place, because you risk to offer your DB details
      open to the whole internet.
    5. Now point your browser to the secret folder, and use the script’s fine
      interface. It is very self-explanatory. Once used, we proceed to
      completely remove it from the server.

    This should have your database properly updated, without any serialized data issues around: the new URL will be set everywhere, and serialized data characters counts will be accordingly updated.

    Widgets will be passed over, and theme settings as well – two of the typical places that use serialized data in WordPress.

    Done and tested solution!

  5. If the error is due to the length of the strings being incorrect (something I have seen frequently), then you should be able to adapt this script to fix it:

    foreach($strings as $key => $str)
    {
        try {
            unserialize($str);
        } catch(exception $e) {
            preg_match_all('#s:([0-9]+):"([^;]+)"#',$str,$m);
            foreach($m[1] as $k => $len) {
                if($len != strlen($m[2][$k])) {
                    $newstr='s:'.strlen($m[2][$k]).':"'.$m[2][$k].'"';
                    echo "len mismatch: {$m[0][$k]}n";
                    echo "should be:    $newstrnn";
                    $strings[$key] = str_replace($m[0][$k], $newstr, $str);
                }
            }
        }
    }
    
  6. I personally don’t like working in PHP, or placing my DB credentials in an public file. I created a ruby script to fix serializations that you can run locally:

    https://github.com/wsizoo/wordpress-fix-serialization

    Context Edit:
    I approached fixing serialization by first identifying serialization via regex, and then recalculating the byte size of the contained data string.

    $content_to_fix.gsub!(/s:([0-9]+):"((.|n)*?)";/) {"s:#{$2.bytesize}:"#{$2}";"}
    

    I then update the specified data via an escaped sql update query.

    escaped_fix_content = client.escape($fixed_content)
    
    query = client.query("UPDATE #{$table} SET #{$column} = '#{escaped_fix_content}' WHERE #{$column_identifier} LIKE '#{$column_identifier_value}'")