Summary and comparison of various serialization methods in php and php serialization

Summary and comparison of various serialization methods in php and php serialization

Preface

Serialization is the process of converting the object state to a retained or transfer-able format. In contrast to serialization, deserialization converts a stream into an object. These two processes can be combined to easily store and transmit data.

The process of converting the object state information to a form that can be stored or transmitted. During serialization, the object writes its current state to the temporary or persistent storage area. Later, you can re-create the object by reading or deserializing the object status from the bucket.

Generally, all fields of the object instance are serialized, which means that the data is expressed as the serialized data of the instance. In this way, the code that can explain the format may be able to determine the value of the data, without relying on the accessibility of the member. Similarly, deserialization extracts data from the serialized representation and directly sets the object status, which is irrelevant to the accessibility rules. For any object that may contain important security data, if possible, the object should not be serialized. If it must be serializable, try to generate a specific field to save important data that cannot be serialized. If this cannot be achieved, you should note that the data will be disclosed to any code with serialization permissions, and that this permission will not be obtained by any malicious code.

Serialize and unserialize Functions

These two are common functions for serialization and deserialization of PHP Data. It is helpful for storing or passing PHP values without losing their types and structures.

<? Php $ a = array ('A' => 'apple', 'B' => 'bana', 'c' => 'coconut '); // serialized array $ s = serialize ($ a); echo $ s; // output result: a: 3: {s: 1: "a"; s: 5: "Apple"; s: 1: "B"; s: 6: "banana"; s: 1: "c"; s: 7: "Coconut ";} echo '<br/>'; // deserialization $ o = unserialize ($ s); print_r ($ o ); // output result Array ([a] => Apple [B] => banana [c] => Coconut)?>

When array values contain characters such as double quotes, single quotes, or colons, they may be deserialized. To overcome this problem, a clever technique is to usebase64_encodeAndbase64_decode.

$ Obj = array (); // serialization $ s = base64_encode (serialize ($ obj); // deserialization $ original = unserialize (base64_decode ($ s )); however, base64 encoding increases the length of the string. To overcome this problem, it can be used with gzcompress. // Define a function called my_serialize ($ obj) {return base64_encode (gzcompress (serialize ($ obj);} // deserialize function my_unserialize ($ txt) {return unserialize (gzuncompress (base64_decode ($ txt )));}

Json_encode and json_decode

JSON format serialization and deserialization are a good choice:

Usejson_encodeAndjson_decodeFormat outputserializeAndunserializeThe format is much faster.

(1)JSONThe format is readable.

(2)JSONFormat RatioserializeThe returned data is small.

(3)JSONThe format is open and portable. You can also use it in other languages.

$ A = array ('A' => 'apple', 'B' => 'bana', 'c' => 'coconut '); // serialized array $ s = json_encode ($ a); echo $ s; // output result: {"a": "Apple", "B": "banana ", "c": "Coconut"} echo '<br/>'; // deserialization $ o = json_decode ($ s );

In the preceding example,json_encodeOutput length ratio in the previous exampleserializeThe output length is obviously short. Note thatjson_encodeObjects cannot be serialized.

Summary

The above is all about this article. I hope you can enjoy it and help you. If you have any questions, leave a message to discuss them.