Serialization and deserialization in PHP

Parsing PHP's multiple serialization and deserialization methods

Serialization is the process of converting a variable into a string that can be saved or transmitted, and deserialization is the conversion of the string to the original variable at the appropriate time. Together, these two processes make it easy to store and transfer data, making the program more maintainable.
1. Serialize and Unserialize functions
These two are common functions for serializing and deserializing data in PHP.

Copy CodeThe code is as follows:
<?php
$a = Array (' a ' = = ' Apple ', ' b ' = ' banana ', ' c ' = ' Coconut ');
Serializing arrays
$s = serialize ($a);
Echo $s;
Output: a:3:{s:1: "a"; S:5: "Apple"; s:1: "B"; S:6: "Banana"; s:1: "C"; s:7: "Coconut";}
Echo ' <br/><br/> ';
Deserialization
$o = Unserialize ($s);
Print_r ($o);
Output Array ([a] + Apple [b] = banana [c] = = Coconut)
?>

Problems can occur when an array value contains characters such as double quotes, single quotes, or colons, which are deserialized. To overcome this problem, a clever trick is to use Base64_encode and Base64_decode.

Copy CodeThe code is as follows:
$obj = Array ();
Serialization of
$s = Base64_encode (serialize ($obj));
Deserialization
$original = Unserialize (Base64_decode ($s));
But base64 encoding will increase the length of the string. To overcome this problem, you can use it with gzcompress.
Defines a function to serialize an object
function My_serialize ($obj)
{
Returnbase64_encode (Gzcompress (Serialize ($obj)));
}
Deserialization
function My_unserialize ($txt)
{
Returnunserialize (Gzuncompress (Base64_decode ($txt)));
}

2. Json_encode and Json_decode
Serializing and deserializing using JSON format is a good choice:
Using Json_encode and Json_decode format output is much faster for serialize and unserialize formats.
The JSON format is readable.
The JSON format is smaller than the serialize return data result.
The JSON format is open and portable. It can also be used in other languages.

Copy CodeThe code is as follows:
$a = Array (' a ' = = ' Apple ', ' b ' = ' banana ', ' c ' = ' Coconut ');

Serializing arrays
$s = json_encode ($a);
Echo $s;
Output: {"A": "Apple", "B": "Banana", "C": "Coconut"}
Echo ' <br/><br/> ';
Deserialization
$o = Json_decode ($s);

In the above example, the Json_encode output length is obviously shorter than the serialize output length in the previous example.
3. Var_export and Eval
The Var_export function outputs the variable as a string, and Eval executes the string as PHP code, deserializing the contents of the original variable.

Copy CodeThe code is as follows:
$a = Array (' a ' = = ' Apple ', ' b ' = ' banana ', ' c ' = ' Coconut ');

Serializing arrays
$s = Var_export ($a, true);
Echo $s;
Output: Array (' a ' + = ' Apple ', ' b ' = ' banana ', ' c ' = ' Coconut ',)
Echo ' <br/><br/> ';
Deserialization
Eval (' $my _var= '. $s. ‘;‘);
Print_r ($my _var);

4. Wddx_serialize_value and WDDX Deserialize
The Wddx_serialize_value function can serialize array variables and output them as XML strings.

Copy CodeThe code is as follows:
$a = Array (' a ' = = ' Apple ', ' b ' = ' banana ', ' c ' = ' Coconut ');

Serializing arrays
$s = wddx_serialize_value ($a);
Echo $s;
Output (view source of output String): <wddxpacket version= ' 1.0 ' >Echo ' <br/><br/> ';
Deserialization
$o = Wddx_deserialize ($s);
Print_r ($o);
Output: Array ([a] = Apple [b] = Banana 1 = Coconut)

As you can see, there are more XML tag characters, resulting in a lot of space for serialization of this format.
Summary
All of the above functions perform normally when serializing array variables, but they are different when applied to objects. For example, the Json_encode serialization object fails. When deserializing an object, Unserialize and eval will have different effects.

Transferred from: http://qing.weibo.com/tag/unserialize

Compress complex data types into a string

Serialize () encodes the variables and their values into textual form unserialize () restores the original variable
eg

$stooges = Array (' Moe ', ' Larry ', ' Curly ');
$new = serialize ($stooges);
Print_r ($new); echo "<br/>";
Print_r (Unserialize ($new));

Results: a:3:{i:0;s:3: "Moe"; I:1;s:5: "Larry"; I:2;s:5: "Curly";} Array ([0] = Moe [1] = Larry [2] = Curly) When these serialized data is placed in a URL and passed between pages, the data needs to be called urlencode () to ensure that the URL metacharacters are processed:

$shopping = Array (' Poppy seed bagel ' = 2, ' Plain bagel ' =>1, ' Lox ' =>4);
Echo ' <a href= ' next.php?cart= '. UrlEncode (serialize ($shopping)). ' " >next</a> ';

The settings of the MARGIC_QUOTES_GPC and Magic_quotes_runtime configuration items affect the data that is passed to Unserialize (). If the MAGIC_QUOTES_GPC entry is enabled, the data passed in the URL, post variables, and cookies must be processed with stripslashes () before deserialization:

$new _cart = unserialize (stripslashes ($cart)); If MAGIC_QUOTES_GPC is turned on
$new _cart = unserialize ($cart);

If Magic_quotes_runtime is enabled, it must be processed with addslashes () before writing the serialized data to the file, and must be processed with stripslashes () before reading them:

$fp = fopen ('/tmp/cart ', ' W ');
Fputs ($FP, Addslashes (serialize ($a)));
Fclose ($FP);
If Magic_quotes_runtime is turned on
$new _cat = unserialize (stripslashes (file_get_contents ('/tmp/cart '));
If Magic_quotes_runtime is turned off
$new _cat = unserialize (file_get_contents ('/tmp/cart '));
In the case of Magic_quotes_runtime enabled, reading serialized data from the database must also be processed by stripslashes (), and the serialized data saved to the database must be processed by addslashes () so that it can be stored appropriately.
mysql_query ("INSERT INTO cart (Id,data) VALUES (1, '". Addslashes (Serialize ($cart)). ");
$rs = mysql_query (' Select data from cart where id=1 ');
$ob = Mysql_fetch_object ($RS);
If Magic_quotes_runtime is turned on
$new _cart = unserialize (stripslashes ($ob->data));
If Magic_quotes_runtime is turned off
$new _cart = unserialize ($ob->data);

When an object is deserialized, PHP automatically calls its __wakeup () method. This allows the object to reestablish various states that could not be persisted when serializing. For example: Database connections, and so on.

Serialization and deserialization in PHP