PHP provides serialize (serialization) and Unserialize (deserialization) methods.
Once serialized using serialize, the original data can be obtained using unserialize deserialization. (Change the table structure or do the following)
[PHP]View Plaincopy
- <?php
- $arr = Array (
- ' name ' = ' Fdipzone ',
- ' gender ' = ' male '
- );
- $str = Serialize ($arr); //Serialization
- echo ' serialize str: '. $str."\r\n\r\n";
- $content = unserialize ($str); //deserialization
- echo "Unserialize str:\r\n";
- Var_dump ($content);
- ?>
Output:
[Plain]View Plaincopy
- Serialize str:a:2:{s:4: "Name"; S:8: "Fdipzone"; s:6: "Gender"; s:4: "Male";}
- Unserialize STR:
- Array (2) {
- ["Name"]=>
- String (8) "Fdipzone"
- ["Gender"]=>
- String (4) "Male"
- }
But the following example deserializes returns false
[PHP]View Plaincopy
- <?php
- $str = ' a:9:{s:4: ' time '; i:1405306402;s:4: "Name"; S:6: "New Morning"; s:5: "url"; s:1: "-"; s:4: "word"; s:1: "-"; S:5: "RPage"; s : "Http://www.baidu.com/test.html"; s:5: "Cpage"; s:1: "-"; s:2: "IP"; s:15: "117.151.180.150"; s:7: "Ip_city"; s:31: " S:4, Beijing, China: "Miao"; s:1: "5";} ';
- Var_dump (Unserialize ($str)); //bool (FALSE)
- ?>
Check the serialized string and find out that the problem is in two places
S:5: "url"
s:29: "Http://www.baidu.com/test.html"
These two places should be
S:3: "url"
S:30: "Http://www.baidu.com/test.html"
This problem occurs because the encoding when serializing the data is inconsistent with the encoding when deserializing, for example, the database is latin1 and the UTF-8 character length is not the same.
There is also the possibility of a single double quotation mark, the ASCII character "\" is resolved to ' Terminator ', in C is the string is equal to Chr (0), error parsing after 2 characters.
\ r also causes problems when calculating the length.
Here's how to fix it:
[PHP]View Plaincopy
- Utf8
- function mb_unserialize ($serial _str) {
- $serial _str= preg_replace ('!s: (\d+): "(. *?)";! Se ', ' s: '. strlen (' $ "). ': \ ' $2\ "; '", $serial _str);
- $serial _str= str_replace ("\ r", "", $serial _str);
- return unserialize ($serial _str);
- }
- Ascii
- function asc_unserialize ($serial _str) {
- $serial _str = preg_replace ('!s: (\d+): "(. *?)";! Se ', ' "s:". strlen ("$"). ": \" $2\ ";" ', $serial _str);
- $serial _str= str_replace ("\ r", "", $serial _str);
- return unserialize ($serial _str);
- }
Example:
[PHP]View Plaincopy
- echo ' <meta http-equiv= "Content-type" content= "text/html; Charset=utf-8" > ";
- Utf8
- function mb_unserialize ($serial _str) {
- $serial _str= preg_replace ('!s: (\d+): "(. *?)";! Se ', ' s: '. strlen (' $ "). ': \ ' $2\ "; '", $serial _str);
- $serial _str= str_replace ("\ r", "", $serial _str);
- return unserialize ($serial _str);
- }
- $str = ' a:9:{s:4: ' time '; i:1405306402;s:4: "Name"; S:6: "New Morning"; s:5: "url"; s:1: "-"; s:4: "word"; s:1: "-"; S:5: "RPage"; s : "Http://www.baidu.com/test.html"; s:5: "Cpage"; s:1: "-"; s:2: "IP"; s:15: "117.151.180.150"; s:7: "Ip_city"; s:31: " S:4, Beijing, China: "Miao"; s:1: "5";} ';
- Var_dump (Unserialize ($str)); //False
- Var_dump (Mb_unserialize ($str)); //correct
The Mb_unserialize method of filtering \ r can be successfully deserialized using a single double-quote process.
[Plain]View Plaincopy
- Using Unserialize
- BOOL (FALSE)
- Using Mb_unserialize
- Array (9) {
- ["Time"]=>
- Int (1405306402)
- ["Name"]=>
- String (6) "New Morning"
- ["url"]=>
- String (1) "-"
- ["word"]=>
- String (1) "-"
- ["RPage"]=>
- String ("http://www.baidu.com/test.html")
- ["Cpage"]=>
- String (1) "-"
- ["IP"]=>
- String (15) "117.151.180.150"
- ["Ip_city"]=>
- String (31) "Mobile", Beijing, Beijing, China
- ["Miao"]=>
- String (1) "5"
- }
PHP unserialize Returns a workaround for false