When we pass this data to WordPress' Post Meta system:
[ 'item' => '\\' ]
We get this:
a:1:{s:4:"item";s:1:"\";}
Serialized data should be treated as-is; it's why we use serialization over JSON in the first place.
Method mysql_escape_mimic() double-escapes these strings.
When passing the serialized metadata, we get this:
a:1:{s:4:\"item\";s:1:\"\\\";}
With that, the string is now broken, and unserializing it would return (bool) false.
When we pass this data to WordPress' Post Meta system:
We get this:
Serialized data should be treated as-is; it's why we use serialization over JSON in the first place. Method
mysql_escape_mimic()
double-escapes these strings.When passing the serialized metadata, we get this:
With that, the string is now broken, and unserializing it would return
(bool) false
.