PHP provides the serialize (serialization) and unserialize (deserialization) functions.
Data serialized with serialize can be passed to unserialize to get the original data back.
Take a look at the following example:
<?php
$arr = array(
    'name' => 'fdipzone',
    'gender' => 'male'
);

$str = serialize($arr); // serialize
echo 'serialize str:' . $str . "\r\n\r\n";

$content = unserialize($str); // deserialize
echo "unserialize str:\r\n";
var_dump($content);
?>
Output:
serialize str:a:2:{s:4:"name";s:8:"fdipzone";s:6:"gender";s:4:"male";}

unserialize str:
array(2) {
  ["name"]=>
  string(8) "fdipzone"
  ["gender"]=>
  string(4) "male"
}
But deserializing the following example returns false:
<?php
$str = 'a:9:{s:4:"time";i:1405306402;s:4:"name";s:6:"New Morning";s:5:"url";s:1:"-";s:4:"word";s:1:"-";s:5:"rpage";s:29:"http://www.baidu.com/test.html";s:5:"cpage";s:1:"-";s:2:"ip";s:15:"117.151.180.150";s:7:"ip_city";s:31:"Moving in Beijing, Beijing, China";s:4:"miao";s:1:"5";}';
var_dump(unserialize($str)); // bool(false)
?>
Examining the serialized string shows the problem in two places:
s:5:"url"
s:29:"http://www.baidu.com/test.html"
Both of these should be:
s:3:"url"
s:30:"http://www.baidu.com/test.html"
This problem occurs because the encoding of the data when it was serialized differs from the encoding at the time of deserialization. For example, the database is latin1 while the data is UTF-8, and the same characters do not have the same length in the two encodings.
Single and double quotes can also cause problems: the ASCII character "\0" is parsed as '\0'. In C, \0 is the string terminator and equals chr(0), but after the wrong parse it is counted as 2 characters.
\r can also cause problems when the length is calculated.
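The encoding mismatch described above can be reproduced and located with a short script. This is an added example, not code from the original article; the helper find_length_mismatches and the sample record are constructed for illustration, and PHP 7.0 or later is assumed.

```php
<?php
// Added example: hypothetical helper name, constructed sample data.

/**
 * List every s:N:"..."; token whose declared length N differs from the
 * value's real byte length. Heuristic, like any regex over this format:
 * a value that itself contains '";' is cut short at that point.
 */
function find_length_mismatches(string $serialized): array
{
    $bad = [];
    preg_match_all('!s:(\d+):"(.*?)";!s', $serialized, $all,
        PREG_SET_ORDER | PREG_OFFSET_CAPTURE);
    foreach ($all as $m) {
        $declared = (int) $m[1][0];
        $actual   = strlen($m[2][0]);   // strlen() counts bytes, as unserialize() does
        if ($declared !== $actual) {
            $bad[] = ['offset' => $m[0][1], 'declared' => $declared,
                      'actual' => $actual, 'hex' => bin2hex($m[2][0])];
        }
    }
    return $bad;
}

// Constructed record, serialized while the text is UTF-8: "é" is the two bytes C3 A9.
$utf8 = serialize(['city' => "caf\xC3\xA9", 'url' => 'http://www.baidu.com/test.html']);

// Simulate a round trip through a latin1 column: "é" comes back as the single
// byte E9, but the s:5 prefix written by serialize() still claims five bytes.
$latin1 = str_replace("\xC3\xA9", "\xE9", $utf8);

// allowed_classes => false keeps unserialize() from instantiating objects.
$opts = ['allowed_classes' => false];

echo "UTF-8 copy parses:  ", var_export(@unserialize($utf8, $opts) !== false, true), "\n";
echo "latin1 copy parses: ", var_export(@unserialize($latin1, $opts) !== false, true), "\n";

foreach (find_length_mismatches($latin1) as $hit) {
    printf("offset %d: declared %d, actual %d bytes (value hex %s)\n",
        $hit['offset'], $hit['declared'], $hit['actual'], $hit['hex']);
}
```

The report names the one token whose prefix no longer matches its value, which is the same check done by hand on the url entries above.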
The workaround is as follows:
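<?php
// utf8
function mb_unserialize($serial_str) {
    // Strip \r first so the recomputed lengths match the final string.
    $serial_str = str_replace("\r", "", $serial_str);
    // Recompute every declared string length from the actual byte length.
    // preg_replace_callback() replaces the /e modifier, which ran the
    // replacement as PHP code and was removed in PHP 7.0.
    $serial_str = preg_replace_callback('!s:(\d+):"(.*?)";!s', function ($m) {
        return 's:' . strlen($m[2]) . ':"' . $m[2] . '";';
    }, $serial_str);
    return unserialize($serial_str);
}

// ascii
function asc_unserialize($serial_str) {
    $serial_str = str_replace("\r", "", $serial_str);
    $serial_str = preg_replace_callback('!s:(\d+):"(.*?)";!s', function ($m) {
        return 's:' . strlen($m[2]) . ':"' . $m[2] . '";';
    }, $serial_str);
    return unserialize($serial_str);
}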
Example:
<?php
echo '<meta http-equiv="content-type" content="text/html; charset=utf-8">';

// utf8
function mb_unserialize($serial_str) {
    $serial_str = str_replace("\r", "", $serial_str);
    $serial_str = preg_replace_callback('!s:(\d+):"(.*?)";!s', function ($m) {
        return 's:' . strlen($m[2]) . ':"' . $m[2] . '";';
    }, $serial_str);
    return unserialize($serial_str);
}

$str = 'a:9:{s:4:"time";i:1405306402;s:4:"name";s:6:"New Morning";s:5:"url";s:1:"-";s:4:"word";s:1:"-";s:5:"rpage";s:29:"http://www.baidu.com/test.html";s:5:"cpage";s:1:"-";s:2:"ip";s:15:"117.151.180.150";s:7:"ip_city";s:31:"Moving in Beijing, Beijing, China";s:4:"miao";s:1:"5";}';

var_dump(unserialize($str));    // false
var_dump(mb_unserialize($str)); // correct
With the mb_unserialize method, which handles single and double quotes and filters out \r, the string deserializes successfully.
Using unserialize:
bool(false)
Using mb_unserialize:
array(9) {
  ["time"]=>
  int(1405306402)
  ["name"]=>
  string(6) "New Morning"
  ["url"]=>
  string(1) "-"
  ["word"]=>
  string(1) "-"
  ["rpage"]=>
  string(30) "http://www.baidu.com/test.html"
  ["cpage"]=>
  string(1) "-"
  ["ip"]=>
  string(15) "117.151.180.150"
  ["ip_city"]=>
  string(31) "Moving in Beijing, Beijing, China"
  ["miao"]=>
  string(1) "5"
}