Security risks of serializing from PHP to MySQL?
I'm serialising PHP arrays for storage in a MySQL TEXT field (as you do), and I'm wondering if I need to take any precautions regarding injection attacks (do I need to base64 encode it, for example). Also, can anyone offer a good way of storing an array in a MySQL DB so that a FULLTEXT search will work on it reasonably well? Serialized data might work ok-ish, but it might not. Does anyone have any experience with this?
Thanks,
James
If you use a parameterized query, where you separate your actual SQL code from the content, you do not need to worry about injection.
The default in PHP, as you seem to use, would be using PDO. Check the manual: PDO::prepare
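The parameterized approach from the answer above, as an added example that is not part of the original post. The table `settings`, the column `payload` and the helpers `saveArray`/`loadArray` are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline (PHP 7+ assumed).

```php
<?php
// Added example. Table, column and function names are hypothetical.
// For MySQL only the DSN changes, e.g.
//   new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass);
// with the MySQL driver you can also set PDO::ATTR_EMULATE_PREPARES to false
// so the server receives the values separately from the SQL text.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE settings (id INTEGER PRIMARY KEY, payload TEXT NOT NULL)');

function saveArray(PDO $pdo, array $data): int
{
    // The serialized string travels as a bound value, never as part of the
    // SQL, so quotes inside it need no escaping and no base64 wrapping.
    $stmt = $pdo->prepare('INSERT INTO settings (payload) VALUES (:payload)');
    $stmt->execute([':payload' => serialize($data)]);
    return (int) $pdo->lastInsertId();
}

function loadArray(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT payload FROM settings WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return null; // no such row
    }
    // allowed_classes => false: stored data is never turned into live objects
    // when it is read back.
    $value = unserialize($stored, ['allowed_classes' => false]);
    return is_array($value) ? $value : null;
}

// Constructed sample data with characters that would break a query
// assembled by string concatenation.
$data = [
    'name' => "O'Reilly",
    'note' => 'x"); DROP TABLE settings; --',
    'tags' => ['php', 'mysql'],
];

$id = saveArray($pdo, $data);
var_dump(loadArray($pdo, $id) === $data); // round-trip check
echo $pdo->query('SELECT COUNT(*) FROM settings')->fetchColumn(), " row(s) stored\n";
```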