Which template sends/submits the data to the database

Dear xnau,

Lately i have been working with my own created code for checkbox searching / retrieving.

The problem now is that i have created a piece of code that ‘gets’ the submitted checkboxes – turn it into a string variable and that string variable is being used in the query to retrieve the information. See code below:

if(!empty($_POST['columns'])) { // empty() checks if the value is set before checking if it's empty.

    foreach($_POST['columns'] as $key_post=>$value_post){
	// Runs mysql_real_escape_string() on every value encountered.
        $clean_criteria = array_map('mysql_real_escape_string', $_REQUEST['columns']);

        // Convert the array into a string.
        $criteria = implode("','",$clean_criteria);

    }
	echo $criteria;
	$tmp = $wpdb->get_results("
        SELECT
            name_of_living_lab, location_of_living_lab, type_of_living_lab, theme_of_living_lab, stage_of_living_lab, living_lab_document
        FROM
            wp_participants_database
        WHERE
			stage_of_living_lab IN ('$criteria')
		ORDER BY
			name_of_living_lab ASC
    ");

Though, the problem is that when i submit data to the database using checkbox, WordPress formats the value to the database into these weird characters: a:2:{i:0;s:0:””;i:1;s:10:”Prevention”;}

I have read something about this and this can be fixed by coverting the passed data with unserialize, like so for example:

$string = 'a:2:{i:0;s:0:"";i:1;s:10:"Prevention";}';
$array = unserialize($string);

The question however is where i can add this unserialize.. i think it should be done at the piece of code where the data is being submitted to the database. But which template and more specific, which line of code is that. Obvious the $string of the example will also not be a literal string but some sort of variable.

https://wordpress.org/plugins/participants-database/