CascadiaPHP 2024

序列化对象 - 在会话中存放对象

所有 PHP 里面的值都可以使用函数 serialize() 来返回一个包含字节流的字符串来表示。unserialize() 函数能够重新把字符串变回 PHP 原来的值。序列化一个对象将会保存对象的所有变量,但是不会保存对象的方法,只会保存类的名字。

为了能够 unserialize() 一个对象,这个对象的类必须已经定义过。如果序列化类 A 的一个对象,将会返回一个跟类 A 相关,而且包含了对象所有变量值的字符串。 如果要想在另外一个文件中反序列化一个对象,这个对象的类必须在反序列化之前定义,可以通过包含一个定义该类的文件或使用函数 spl_autoload_register() 来实现。

<?php
// A.php:

class A {
public
$one = 1;

public function
show_one() {
echo
$this->one;
}
}

// page1.php:

include "A.php";

$a = new A;
$s = serialize($a);
// 把变量$s保存起来以便文件page2.php能够读到
file_put_contents('store', $s);

// page2.php:

// 要正确反序列化,必须包含下面一个文件
include "A.php";

$s = file_get_contents('store');
$a = unserialize($s);

// 现在可以使用对象$a里面的函数 show_one()
$a->show_one();
?>

在应用程序中序列化对象以便在之后使用,强烈推荐在整个应用程序都包含对象的类的定义。 不然有可能出现在反序列化对象的时候,没有找到该对象的类的定义,从而把没有方法的类 __PHP_Incomplete_Class_Name 作为该对象的类,导致返回一个没有用的对象。

所以在上面的例子中,通过在 $_SESSION 超全局数组中添加新的键,把变量 $a 放在会话里之后,需要在每个页面都包含文件 A.php, 而不是只有文件 page1.phppage2.php

除了以上建议,可以在对象上使用 __sleep()__wakeup() 方法对序列化/反序列化事件挂载钩子。 使用 __sleep() 也能够让你仅序列化对象的某些属性。

add a note

User Contributed Notes 4 notes

up
232
php at lanar dot com dot au
14 years ago
Note that static members of an object are not serialized.
up
32
michael at smith-li dot com
9 years ago
Reading this page you'd be left with the impression that a class's `serialize` and `unserialize` methods are unrelated to the `serialize` and `unserialize` core functions; that only `__sleep` and `__unsleep` allow you to customize an object's serialization interface. But look at http://php.net/manual/en/class.serializable.php and you'll see that there is a more straightforward way to control how a user-defined object is serialized and unserialized.
up
5
Anonymous
3 years ago
Until such time as these documents are updated, note that `session_register()` is not needed to automatically serialize & unserialize objects in sessions. Any objects in `$_SESSION` are serialized when the session is closed (via `session_write_close()` or upon script exit) & unserialized when opened (via `session_start()`). The note about including classes throughout an app (either by including the definition globally or autoloading it) still holds.
up
-14
Yahia Fouda
1 year ago
This trick can be useful when you need to pass object data as strings of text between scripts and applications. Common situations include:

* Passing objects via fields in web forms
* Passing objects in URL query strings
* Storing object data in a text file, or in a single database field

and Sometimes it’s useful to do some cleaning up before serializing an object. For example, you might want to write unsaved object data to a database and close the database connection. Similarly, after you’ve unserialized an object, you might want to restore its database connection and perform other setup tasks so that the new object can be used properly.
To Top