Detailed explanation of php serialization and deserialization

This article introduces the relevant knowledge of serialization and deserialization in php. It has a very good reference value. Let’s take a look at it with the editor.

Compress complex data types into a string

serialize() to combine variables and their The value is encoded into text form

unserialize() restores the original variable

eg:

$stooges = array('Moe','Larry','Curly');
$new = serialize($stooges);
print_r($new);echo "<br />";
print_r(unserialize($new));

Result: a:3:{i:0;s:3:"Moe";i:1;s:5:"Larry";i:2;s:5:"Curly";}

Array ([0] => Moe [1] => Larry [2] => Curly )

When these serialized data are placed in the URL, they will be passed between pages. When , you need to call urlencode() on this data to ensure that the URL metacharacters in it are processed:

$shopping = array('Poppy seed bagel' => 2,'Plain Bagel' =>1,'Lox' =>4);
echo &#39;<a href="next.php?cart=&#39;.urlencode(serialize($shopping)).&#39;" rel="external nofollow" >next</a>&#39;;

The settings of the margic_quotes_gpc and magic_quotes_runtime configuration items will affect The data passed to unserialize().

If the magic_quotes_gpc item is enabled, data passed in URLs, POST variables, and cookies must be processed with stripslashes() before deserialization:

$new_cart = unserialize(stripslashes($cart)); //如果magic_quotes_gpc开启
$new_cart = unserialize($cart);

If magic_quotes_runtime is enabled, serialized data must be processed with addslashes() before writing to the file, and stripslashes() before reading them:

$fp = fopen('/tmp/cart','w');
fputs($fp,addslashes(serialize($a)));
fclose($fp);
//如果magic_quotes_runtime开启
$new_cat = unserialize(stripslashes(file_get_contents('/tmp/cart')));
//如果magic_quotes_runtime关闭
$new_cat = unserialize(file_get_contents('/tmp/cart'));

When magic_quotes_runtime is enabled, the serialized data read from the database must also be processed by stripslashes() and saved to the serialization in the database. Data must be processed by addslashes() so that it can be stored appropriately.

mysql_query("insert into cart(id,data) values(1,'".addslashes(serialize($cart))."')");
$rs = mysql_query('select data from cart where id=1');
$ob = mysql_fetch_object($rs);
//如果magic_quotes_runtime开启
$new_cart = unserialize(stripslashes($ob->data));
//如果magic_quotes_runtime关闭
$new_cart = unserialize($ob->data);

When deserializing an object, PHP will automatically call its __wakeUp() method. This allows the object to re-establish various states that were not preserved during serialization. For example: database connection, etc.

The above is the entire content of this article, I hope it will be helpful to everyone's study.

Related recommendations:

PHP Serialization and de-Serialization Detailed explanation of functions with pictures and text

PHP implements multiple serialization/anti-serialization methods

form formSerializationDetailed explanation (graphic tutorial)

The above is the detailed content of Detailed explanation of php serialization and deserialization. For more information, please follow other related articles on the PHP Chinese website!