Summary and comparison of various serialization methods in PHP
Preface
Serialization is the process of converting an object's state into a format that can be stored or transmitted. Deserialization is the reverse: it converts a stream back into an object. Together, the two processes make it easy to store and transmit data.
During serialization, the object writes its current state to temporary or persistent storage. Later, the object can be re-created by reading, or deserializing, its state from that storage.
Generally, all fields of an object instance are serialized, which means their data is represented in the serialized data of the instance. Code that can interpret the format may therefore be able to determine the values of the data, regardless of the accessibility of the members. Similarly, deserialization extracts data from the serialized representation and sets the object state directly, again regardless of accessibility rules. Any object that may contain security-sensitive data should not be serializable if that is possible. If it must be serializable, try to make the specific fields that hold sensitive data non-serializable. If this cannot be achieved, be aware that the data will be exposed to any code that has permission to serialize, and make sure that no malicious code can obtain this permission.
serialize and unserialize functions
These two are the common PHP functions for serializing and deserializing data. They are useful for storing or passing PHP values without losing their type and structure.
    <?php
    $a = array('a' => 'Apple', 'b' => 'banana', 'c' => 'Coconut');
    // serialize the array
    $s = serialize($a);
    echo $s;
    // output: a:3:{s:1:"a";s:5:"Apple";s:1:"b";s:6:"banana";s:1:"c";s:7:"Coconut";}
    echo '<br/>';
    // deserialize
    $o = unserialize($s);
    print_r($o);
    // output: Array ( [a] => Apple [b] => banana [c] => Coconut )
    ?>
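When array values contain characters such as double quotes, single quotes, or colons, problems may occur when they are deserialized. To overcome this, a clever technique is to use base64_encode and base64_decode. The encoding only keeps the string intact in storage or transport; it does not hide or protect the data.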
    $obj = array();
    // serialize
    $s = base64_encode(serialize($obj));
    // deserialize
    $original = unserialize(base64_decode($s));
However, base64 encoding increases the length of the string. To overcome this, it can be combined with gzcompress.
    // define a serialization function
    function my_serialize($obj)
    {
        return base64_encode(gzcompress(serialize($obj)));
    }
    // deserialize
    function my_unserialize($txt)
    {
        return unserialize(gzuncompress(base64_decode($txt)));
    }
json_encode and json_decode
Serializing and deserializing in JSON format is a good choice:
Output with json_encode and json_decode is much faster than with serialize and unserialize.
(1) The JSON format is readable.
(2) The JSON format is smaller than the data returned by serialize.
(3) The JSON format is open and portable. You can also use it in other languages.
    $a = array('a' => 'Apple', 'b' => 'banana', 'c' => 'Coconut');
    // serialize the array
    $s = json_encode($a);
    echo $s;
    // output: {"a":"Apple","b":"banana","c":"Coconut"}
    echo '<br/>';
    // deserialize: returns a stdClass object; pass true as the
    // second argument to json_decode to get an array back
    $o = json_decode($s);
In the preceding example, the json_encode output is clearly shorter than the serialize output in the earlier example. Note that json_encode cannot serialize objects.
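The point in the preface about fields being serialized regardless of accessibility, and the note that json_encode cannot serialize objects, shown side by side in an added example (not code from the original article). The Session and SafeSession classes, the leaks_token helper and the token value are constructed for illustration.

```php
<?php
// Added example. Class names and the token value are constructed for illustration.
class Session
{
    public $user;
    private $token;   // sensitive value

    public function __construct($user, $token)
    {
        $this->user  = $user;
        $this->token = $token;
    }
}

class SafeSession
{
    public $user;
    private $token;   // sensitive value, excluded by __sleep()

    public function __construct($user, $token)
    {
        $this->user  = $user;
        $this->token = $token;
    }

    // serialize() writes only the properties named in this list.
    public function __sleep()
    {
        return array('user');
    }
}

// True when the sensitive value can be read straight out of the encoded string.
function leaks_token($encoded)
{
    return strpos($encoded, 'SAMPLE-TOKEN') !== false;
}

$plain = serialize(new Session('alice', 'SAMPLE-TOKEN'));
$safe  = serialize(new SafeSession('alice', 'SAMPLE-TOKEN'));
$json  = json_encode(new Session('alice', 'SAMPLE-TOKEN'));

// serialize() includes private properties; __sleep() keeps the token out;
// json_encode() emits public properties only and records no class name.
var_dump(leaks_token($plain), leaks_token($safe), leaks_token($json));

// The SafeSession comes back with its token unset (null); the JSON comes
// back as a plain stdClass, not a Session.
var_dump(unserialize($safe), json_decode($json) instanceof Session);
```

__sleep() is PHP's hook for leaving specific fields out of the serialized form; a field excluded this way has to be re-established by the application after unserialize().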
Summary
That is all for this article. I hope you enjoy it and find it helpful. If you have any questions, leave a message to discuss them.