在php序列化格式(即数据在传输时防止格式类型丢失,先进行打包即序列化,完成传输后解包即反序列化)
序列化函数原型:string serialize ( mixed $value )
class CC { public $data; private $pass; public function __construct($data, $pass) { $this->data = $data; $this->pass = $pass; } } $number = 34; $str = 'uusama'; $bool = true; $null = NULL; $arr = array('a' => 1, 'b' => 2); $cc = new CC('uu', true); var_dump(serialize($number)); var_dump(serialize($str)); var_dump(serialize($bool)); var_dump(serialize($null)); var_dump(serialize($arr)); var_dump(serialize($cc));
输出结果
string(5) "i:34;" string(13) "s:6:"uusama";" string(4) "b:1;" string(2) "N;" string(30) "a:2:{s:1:"a";i:1;s:1:"b";i:2;}" string(52) "O:2:"CC":2:{s:4:"data";s:2:"uu";s:8:" CC pass";b:1;}"
序列化对不同格式字符串结果不同
string:s:size:value
integer:i:value
boolean:b:value(即0或1)
array:a:size:{key:value;key:value}
object:o:strlen(object name):object name:object size:{s:strlen(property name):property name:property definition;}
注:序列化对象时,不会保存常量的值。对于父类中的变量,则会保留。
反序列化函数:mixed unserialize ( string $str )
unserialize()
反序列化函数用于将单一的已序列化的变量转换回 PHP 的值。
- 如果传递的字符串不可解序列化,则返回 FALSE,并产生一个
E_NOTICE
- 返回的是转换之后的值,可为
integer``float
、string
、array
或object
- 若被反序列化的变量是一个对象,在成功重新构造对象之后,PHP会自动地试图去调用
__wakeup()
成员函数(如果存在的话)class User{ const SITE = 'uusama'; public $username; public $nickname; private $password; private $order; public function __construct($username, $nickname, $password) { $this->username = $username; $this->nickname = $nickname; $this->password = $password; } // 定义反序列化后调用的方法 public function __wakeup() { $this->password = $this->username; } } $user_ser = 'O:4:"User":2:{s:8:"username";s:6:"uusama";s:8:"nickname";s:2:"uu";}'; var_dump(unserialize($user_ser));
结果:
object(User)#1 (4) { ["username"]=> string(6) "uusama" ["nickname"]=> string(2) "uu" ["password":"User":private]=> string(6) "uusama" ["order":"User":private]=> NULL }
__wakeup()
函数在对象被构建以后执行,所以$this->username的值不为空(为空则会绕过此函数,或反序列化时数据被改动也会绕过) 反序列化时,会尽量将变量值进行匹配并复制给序列化后的对象