Unserialize and autoload_php Tutorials

Whenever a qualified PHPProgrammers, you should know unserializeAnd Autoload, but I am afraid that there is not much to be said about the relationship between them.

For example, suppose we can get the serialized data of a third party, but there is no corresponding class definition, the code is as follows:

<? Php

$string = ' o:6: ' Foobar ': 2:{s:3: "foo"; s:1: "1"; S:3: "Bar"; s:1: "2";} ';

$result = Unserialize ($string);

Var_dump ($result);

/*

Object (__php_incomplete_class) [1]

Public ' __php_incomplete_class_name ' = String ' Foobar ' (length=6)

Public ' foo ' = String ' 1 ' (length=1)

Public ' bar ' = = String ' 2 ' (length=1)

*/

？ > When we deserialize an object, if the object's class definition does not exist, then PHP introduces the concept of an unfinished class, namely: __php_incomplete_class, although we have succeeded in deserializing, but still cannot access the data in the object, Otherwise, the following error message will appear:

The script tried to execute a method or access a property of a incomplete object. Please ensure that the class definition of the the object is trying to operate on is loaded _before_ unserialize () gets Called or provide a __autoload () function to load the class definition.

It's not a difficult thing to do, just make a forced type conversion, and an array will be OK:

<? Php

$string = ' o:6: ' Foobar ': 2:{s:3: "foo"; s:1: "1"; S:3: "Bar"; s:1: "2";} ';

$result = (array) unserialize ($string);

Var_dump ($result);

/*

Array

' __php_incomplete_class_name ' = String ' Foobar ' (length=6)

' foo ' = String ' 1 ' (length=1)

' Bar ' = = String ' 2 ' (length=1)

*/

？ >

However, if the system activates the autoload, the situation becomes more complicated. By the way: PHP actually provides a configuration option named Unserialize_callback_func, but the meaning and autoload almost, here is not introduced, we say autoload, examples are as follows:

<? Php

Spl_autoload_register (function ($name) {

Var_dump ($name);

})；

$string = ' o:6: ' Foobar ': 2:{s:3: "foo"; s:1: "1"; S:3: "Bar"; s:1: "2";} ';

$result = (array) unserialize ($string);

Var_dump ($result);

？ > Execute the above code will find that Spl_autoload_register is triggered, most of the time this is meaningful, but if you encounter a poorly defined spl_autoload_register, such as the following code:

<? Php

Spl_autoload_register (function ($name) {

Include "/path/to/{$name}.php";

})；

$string = ' o:6: ' Foobar ': 2:{s:3: "foo"; s:1: "1"; S:3: "Bar"; s:1: "2";} ';

$result = (array) unserialize ($string);

Var_dump ($result);

？ >

No doubt, because the class definition file is not found, so the error! Change Spl_autoload_register sure line, but the premise is you can change, if involved in third-party code, we can not take the liberty of the decision, at this time we need a way to let Unserialize to bypass AutoLoad, The simplest way is to fake the classes we need:

<? Php

Spl_autoload_register (function ($name) {

Include "/path/to/{$name}.php";

})；

Class Foobar {}//Oh, shit!

$string = ' o:6: ' Foobar ': 2:{s:3: "foo"; s:1: "1"; S:3: "Bar"; s:1: "2";} ';

$result = (array) unserialize ($string);

Var_dump ($result);

？ > had to say, the above code is really dog poo! What's the best way to do that? I have roughly written an implementation:

<? Php

Spl_autoload_register (function ($name) {

Include "/path/to/{$name}.php";

})；

$string = ' o:6: ' Foobar ': 2:{s:3: "foo"; s:1: "1"; S:3: "Bar"; s:1: "2";} ';

$functions = Spl_autoload_functions ();

foreach ($functions as $function) {

Spl_autoload_unregister ($function);

}

$result = (array) unserialize ($string);

foreach ($functions as $function) {

Spl_autoload_register ($function);

}

Var_dump ($result);

？ The > code is a bit more, but at least it doesn't have a fake class and looks much more comfortable.

http://www.bkjia.com/PHPjc/371813.html www.bkjia.com true http://www.bkjia.com/PHPjc/371813.html techarticle If you are a qualified PHP programmer, you should know Unserialize and Autoload, but to talk about the relationship between the two, I'm afraid there are not many people. Say an example, false ...

