|
|
serialize (PHP 3 >= 3.0.5, PHP 4, PHP 5) serialize --
Generates a storable representation of a value
Descriptionstring serialize ( mixed value )
serialize() returns a string containing a
byte-stream representation of value that
can be stored anywhere.
This is useful for storing or passing PHP values around without
losing their type and structure.
To make the serialized string into a PHP value again, use
unserialize(). serialize()
handles all types, except the resource-type.
You can even serialize() arrays that contain
references to itself. Circular references inside the array/object you
are serialize()ing will also be stored. Any other
reference will be lost.
When serializing objects, PHP will attempt to call the member function
__sleep() prior to serialization. This is to allow the
object to do any last minute clean-up, etc. prior to being serialized.
Likewise, when the object is restored using unserialize()
the __wakeup() member function is called.
Замечание:
This didn't work correctly until 4.0.7.
Замечание:
In PHP 3, object properties will be serialized, but methods are
lost. That limitation was removed in PHP 4 as both properties
and methods are now restored. Please see the Serializing Objects
section of Classes and
Objects for more information.
It is not possible to serialize PHP built-in objects.
Пример 1. serialize() example |
<?php
$conn = odbc_connect("webdb", "php", "chicken");
$stmt = odbc_prepare($conn,
"UPDATE sessions SET data = ? WHERE id = ?");
$sqldata = array (serialize($session_data), $PHP_AUTH_USER);
if (!odbc_execute($stmt, &$sqldata)) {
$stmt = odbc_prepare($conn,
"INSERT INTO sessions (id, data) VALUES(?, ?)");
if (!odbc_execute($stmt, &$sqldata)) {
}
}
?>
|
|
See Also: unserialize().
BruceCompanys
28-Oct-2007 06:43
O.o
I sampled your detection and it's bloody idiocy!
Try this:
<?php
$string = "hello, my name is Bruce!";
$string = serialize($string);
echo $string;
echo "<br />";
echo unserialize($string);
?>
Displays:
s:25:"hello, my name is Bruce!"
hello, my name is Bruce!
Bruce
pons+phpnet at brainonfire dot net
28-Sep-2007 11:53
Warning: serialize() will trim() any strings!
I spent a good hour discovering this. >.<
aaron dot krohn at gmail dot com
13-Sep-2007 08:45
@ nothanks
you should be able to prevent your serialized array from breaking the query by escaping it.
$nested_array = serialize($array);
$query_safe = mysql_real_escape_string($nested_array);
aksel at metal dot ee
13-Sep-2007 03:31
To serialize objects with fields that contain unicode values use that logic.
Note! Obviously it does not convert correctly possible unicode values in arrays that may be member values of the object. Use an array class for that that inherits from the same base object that implements that serialization;)
<?php
public function serialize(){
$serialized = array();
foreach(array_keys(get_class_vars(get_class($this))) as $key){
if(is_array($this->$key) ){
eval('$serialized["'.$key.'"] = serialize($this->'.$key.');');
}else{
eval('$serialized["'.$key.'"] = utf8_encode($this->'.$key.');');
}
}
$str = serialize($serialized);
return $str;
}
public function unserialize($serialized){
$data = unserialize($serialized);
foreach($data as $prop => $val){
if(is_array($this->$prop) ){
$this->$prop = unserialize($val);
}else{
$this->$prop = utf8_decode($val);
}
}
}
?>
nothanks at nothanks dot no
16-Aug-2007 03:02
I had to put a massive multidimensional array in a single field in the database. Unfortunatly the array contained lots of "forbidden" characters: ", ', ;, :, and so on and so forth, breaking the query and my later attempts at deserialize().
Here's a quick and dirty solution:
<?php
$safe_string_to_store = base64_encode( serialize( $multidimensional_array ) ) ;
?>
And in the other end:
<?php
$encoded_serialized_string = dbh->query("SELECT archives_arr FROM ". $table_name . " WHERE id=0")
$array_restored_from_db = unserialize( base64_decode( $encoded_serialized_string ));
?>
deminy at deminy dot net
08-Aug-2007 09:44
Reply to erudd's post:
The regular expression you used to unserialize a PHP session file won't work if the session file contains string variable which contains character "|".
As I can see now, there is no any regular expression that can easily split data in a PHP session file. To read data from a session file, we may have to write a function to read content from the file, and then parse the content.
btbeat at gmail dot com
28-Jun-2007 01:09
Generally when I do an insert into a database table of posted data, I use the recommended mysql_real_escape_string function, with stripslashes if the get_magic_quotes_gpc is on.
<?php
function prepData($var) {
if (get_magic_quotes_gpc()) {
$var = stripslashes($var);
}
return mysql_real_escape_string($var);
}
?>
I've been having a problem inserting a serialized array into a MySQL database that contained single and double quotes for values.
ex: "quotes" => "some 'quoted' "text""
you'd think it would be:
a:1:{s:6:"quotes";s:20:"some 'quoted' "text"";}
as prepData function would strip the slashes.
However, what goes into the database is:
a:1:{s:6:"quotes";s:24:"some 'quoted' "text"";}
as if there are slashes before the single and double quotes.
Obviously on unserializing the data, there is an error, as 24 chars are expected, when there are only 20.
So, the solution I've coded for my safe insert prepData function is:
<?php
function prepData($var, $serialized = 0) {
if( $serialized == 0 ) {
if (get_magic_quotes_gpc()) {
$var = stripslashes($var);
}
}
return mysql_real_escape_string($var);
}
?>
when inserting plain data from a post:
<? $data = prepData($data); ?>
for serialized data:
<? $data = prepData($data, 1); ?>
cracked my head on this one a bit :|
strange behaviour for serialize(), i.e. string count, counts slashes that are not there.
friday13 at ig dot com dot br
19-Jun-2007 07:15
I have problem to use serialize function with hidden form field and the resolution was use htmlentities.
Ex.:
<?
$lista = array( 'pera', 'ma
|
|
add a note
User Contributed Notes
print_r