Summary and comparison of various serializations in php

Serialization is the process of converting a variable into a string that can be saved or transmitted; deserialization is to convert this string into the original variable at the appropriate time use. These two processes combine to easily store and transfer data, making the program more maintainable. Let’s look at the comparison of various serializations in PHP.

Preface

Serialization is the conversion of objectstate to persistable or transportable formatting process. The opposite of serialization is deserialization, which converts a stream into an object. These two processes combine to easily store and transfer data.

The process of converting an object's state information into a form that can be stored or transmitted. During serialization, an object writes its current state to temporary or persistent storage. Later, the object can be recreated by reading or deserializing the object's state from the store.

Normally, all fields of an object instance will be serialized, which means that the data will be represented as the serialized data of the instance. This way, code that can interpret the format may be able to determine the value of the data without relying on the accessibility of the member. Similarly, deserialization extracts data from the serialized representation and sets object state directly, again regardless of accessibility rules. Any object that may contain important security data should be made non-serializable if possible. If it must be serializable, try to generate specific fields to hold important data that is not serializable. If this is not possible, you should be aware that the data will be exposed to any code with serialization permissions, and ensure that no malicious code gains that permission.

serialize and unserializeFunction

These two are serialization and deserialization of data in PHP Commonly used functions. Favorable for storing or passing PHP values ​​without losing their type and structure.

<?php

$a = array(&#39;a&#39; => &#39;Apple&#39; ,&#39;b&#39; => &#39;banana&#39; , &#39;c&#39; => &#39;Coconut&#39;);

//序列化数组
$s = serialize($a);
echo $s;
//输出结果：a:3:{s:1:"a";s:5:"Apple";s:1:"b";s:6:"banana";s:1:"c";s:7:"Coconut";}

echo &#39;<br /><br />&#39;;

//反序列化
$o = unserialize($s);

print_r($o);
//输出结果 Array ( [a] => Apple [b] => banana [c] => Coconut )

?>

Problems may occur when array values ​​contain characters such as double quotes, single quotes, or colons after they are deserialized. To overcome this problem, a neat trick is to use base64_encode and base64_decode.

$obj = array();
//序列化
$s = base64_encode(serialize($obj));
//反序列化
$original = unserialize(base64_decode($s));

但是base64编码将增加字符串的长度。为了克服这个问题，可以和gzcompress一起使用。

//定义一个用来序列化对象的函数

function my_serialize( $obj )
{
 return base64_encode(gzcompress(serialize($obj)));
}

//反序列化
function my_unserialize($txt)
{
 return unserialize(gzuncompress(base64_decode($txt)));
}

json_encode and json_decode

Using JSON format serialization and deserialization is a good choice:

Using json_encode and json_decode format output is much faster than serialize and unserialize formats.

(1) The JSON format is readable.

(2) The JSON format is smaller than the serialize returned data result.

(3) The JSON format is open and portable. Other languages ​​can use it as well.

$a = array('a' => 'Apple' ,'b' => 'banana' , 'c' => 'Coconut');
 
//序列化数组
$s = json_encode($a);
echo $s;
//输出结果：{"a":"Apple","b":"banana","c":"Coconut"}
 
echo &#39;<br /><br />&#39;;
 
//反序列化
$o = json_decode($s);

In the above example, the json_encode output length is obviously shorter than the serialize output length in the previous example. It should be noted that json_encode cannot serialize objects.

Summarize

The above is the detailed content of Summary and comparison of various serializations in php. For more information, please follow other related articles on the PHP Chinese website!