A workaround for unserialize return false in PHP

PHP provides serialize (serialization) and Unserialize (deserialization) methods.

Using serialize serialization, you can then use unserialize deserialization to get the original data.

Let's take a look at the following program examples:

1 2 3 4 5 6 7 8 9 10 11 12-13

<?php $arr = Array (' name ' => ' fdipzone ', ' gender ' => ' male '); $str = serialize ($arr); Serialization of Echo ' Serialize str: '. $str. '      Rnrn "; $content = Unserialize ($STR);  Deserialize the echo "Unserialize str:rn";  Var_dump ($content); ?>

Output:

1 2 3 4 5 6 7 8 9

Serialize str:a:2:{s:4: "Name"; S:8: "Fdipzone"; s:6: "Gender"; s:4: "Male";} Unserialize Str:array (2) {[' Name ']=> string (8) ' Fdipzone ' [' Gender ']=> string (4) ' Male '}

But the following example deserialization returns false

1 2 3 4

<?php $str = ' a:9:{s:4: Time '; i:1405306402;s:4: "Name"; S:6: "New Morning"; s:5: "url"; s:1: "-"; s:4: "word"; s:1: "-"; S:5: "RPage s:29: "http://www.baidu.com/test.html"; s:5: "Cpage"; s:1: "-"; s:2: "IP"; s:15: "117.151.180.150"; s:7: "Ip_city"; s:31  : "Moving in Beijing, Beijing, China"; s:4: "Miao"; s:1: "5";} '; Var_dump (Unserialize ($STR)); BOOL (FALSE)?>

After examining the serialized string, the problem is found in two places:

S:5: "url"
s:29: "Http://www.baidu.com/test.html"
Both of these should be
S:3: "url"
S:30: "Http://www.baidu.com/test.html"

This problem occurs because the encoding of the serialized data is inconsistent with the encoding at the time of deserialization, for example, the database is latin1 and UTF-8 characters are not the same length.
There are also possible problems with single double quotes, ASCII characters "" is resolved to ", in C is the string of Terminator equals Chr (0), error resolution after 2 characters."
R can also cause problems when calculating the length.

The workaround is as follows:

1 2 3 4 5 6 7 8 9 10 11 12-13

UTF8 function mb_unserialize ($serial _str) {$serial _str= preg_replace ('!s: (d+): "(. *?)";!    Se ', ' ' s: '. strlen (' $ '). ': $ '; ' ", $serial _str);    $serial _str= str_replace ("R", "" ", $serial _str);  Return Unserialize ($serial _str); }//ASCII function asc_unserialize ($serial _str) {$serial _str = preg_replace ('!s: (d+): "(. *?)";!    Se ', ' "s:". strlen ("$"). ":" $ ";" ', $serial _str);    $serial _str= str_replace ("R", "" ", $serial _str);  Return Unserialize ($serial _str); }

Example:

1 2 3 4 5 6 7 8 9

echo ' <meta http-equiv= ' content-type ' content= ' text/html; Charset=utf-8 "> ';     //utf8  function mb_unserialize ($serial _str) {     $serial _str= preg_replace ('!s: (d+): "(. *?)";! Se ', ' ' s: '. strlen (' $ '). ': "$"; ' ", $serial _str);     $serial _str= str_replace (" R "," ", $serial _str);     return unserialize ($serial _str); }      $str = ' a:9:{s:4: ' time '; : 1405306402;s:4: "Name"; S:6: "New Morning"; s:5: "url"; s:1: "-"; s:4: "word"; s:1: "-"; S:5: "RPage"; s:29: "http://www.baidu.com/ Test.html "; s:5:" Cpage "; s:1:"-"; s:2:" IP "; s:15:" 117.151.180.150 "; s:7:" Ip_city "; s:31:" Moving in Beijing, China "; s:4:" Miao "; s:1: "5";} ';       Var_dump (Unserialize ($STR)); //false      Var_dump (mb_ Unserialize ($STR)); Correct

The Mb_unserialize method of filtering R can be deserialized successfully using a single double quote that has been processed.

Use Unserialize:

BOOL (FALSE)

Using Mb_unserialize

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19-20

Array (9) {[' Time ']=> int (1405306402) [' Name ']=> string (6) ' New morning ' [url ']=> string (1)] ' [word ']=&G   T String (1) "-" ["RPage"]=> string () "http://www.baidu.com/test.html" ["Cpage"]=> string (1) "-" [IP]=>   ; String "117.151.180.150" ["Ip_city"]=> string (31) "Beijing City, Beijing, China" ["Miao"]=> string (1) "5"}