Delicious Bookmark this on Delicious Share on Facebook SlashdotSlashdot It! Digg! Digg



PHP : Function Reference : Variable Handling Functions : serialize

serialize

Generates a storable representation of a value (PHP 4, PHP 5, PECL axis2:0.1.0-0.1.1)
string serialize ( mixed value )

Generates a storable representation of a value

This is useful for storing or passing PHP values around without losing their type and structure.

To make the serialized string into a PHP value again, use unserialize().

Parameters

value

The value to be serialized. serialize() handles all types, except the resource-type. You can even serialize() arrays that contain references to itself. Circular references inside the array/object you are serialize()ing will also be stored. Any other reference will be lost.

When serializing objects, PHP will attempt to call the member function __sleep() prior to serialization. This is to allow the object to do any last minute clean-up, etc. prior to being serialized. Likewise, when the object is restored using unserialize() the __wakeup() member function is called.

Return Values

Returns a string containing a byte-stream representation of value that can be stored anywhere.

Examples

Example 2599. serialize() example

<?php
// $session_data contains a multi-dimensional array with session
// information for the current user.  We use serialize() to store
// it in a database at the end of the request.

$conn = odbc_connect("webdb", "php", "chicken");
$stmt = odbc_prepare($conn,
     
"UPDATE sessions SET data = ? WHERE id = ?");
$sqldata = array (serialize($session_data), $_SERVER['PHP_AUTH_USER']);
if (!
odbc_execute($stmt, &$sqldata)) {
   
$stmt = odbc_prepare($conn,
   
"INSERT INTO sessions (id, data) VALUES(?, ?)");
   if (!
odbc_execute($stmt, &$sqldata)) {
       
/* Something went wrong.. */
   
}
}
?>


ChangeLog

Version Description
4.0.7 The object serialization process was fixed.
4.0.0 When serializing an object, methods are not lost anymore. Please see the Serializing Objects for more information.

Notes

Note:

It is not possible to serialize PHP built-in objects.

Code Examples / Notes » serialize

eggyknap

[Editor's note: This has been fixed. Protected and private members were serialized with a leading \0 (zero byte). Bug report here, http://bugs.php.net/29865 - aidan@php.net]
Be careful trying to serialize objects containing private or protected data members. It appears that the serialization process includes characters in the result string to indicate the visibility of each member, but the characters used to denote protected or private data are outside the normal character set and can cause problems as you pass them through applications. I haven't found the culprit in my particular case, so I can't say that this is a bug in PHP, but it certainly is causing me some annoyance in my particular situation.


pathfinder

Wrong, no trimming occurs during serialisation.
I'd guess you output strings in HTML without figuring out how HTML handles whitespace.


varrah no_garbage_or_spam

Worked with Andrea, so the script is now updated to support at least UTF-8 correctly. Details can be found at http://www.sitepoint.com/blogs/2004/04/22/ serializing-php-data-structures-for-javascript (had to insert space after the 22/  otherwise the link was too long and comments engine didn't want to pass it :-) )

abductee _at_ texture _minus_ editor.com

wiart at yahoo dot com wrote:
>As you can see, the original array :
>$arr["20041001103319"] = "test"
>
>after serialize/unserialize is:
>$arr[683700183] = "test"
yepp, and i can explain it.
the internal compiler of php does not hit anys rule wich foces him to make that number a string during serialisation. since it becomes an integer and php supports 32bit interger not arbitary bitwidth this is what happens:
"20041001103319"
equals hexadecimal:
0x123A28C06FD7h
if you cut away the frontpart cutting down to 32bis,
you get:
0x28C06FD7h
wich equals 683700183.
of, for those of you who speak binary:
20041001103319 =
100100011101000101000110000000110111111010111bin
----cut-away----00101000110000000110111111010111bin
=683700183
so, what can you do to prevent stuff like this?
eihter use only numbers between 0..9999999999
or force strings, best way ist to add a character
like
foo["c2342303"]
cheers, abductee


tino

While writing shopping cart applications i needed a way to keep track of many variables beteween page loads.. i was using a cookie for each but this became hard to manage so I cam up with this simple session object. It serializes the object, base 64 encodes it and sets a cookie for it.. vice versa on page load where it detects the cookie
add whatever variables you need to this class
btw if you like it, hate it or have any comments send me an email to let me know
<?php
class session {
var $cartID;
var $userID;
var $userAuth;

function session () {
//Attempt to load previous session from user cookie

//First see if the session was passed through the URL
//This is useful to pass stuff between different URL
               if ($_GET['session']) {
$this = unserialize (base64_decode ($_GET['session']));

               //Check for the cookie, if none a blank session is created
               } else {
if ($_COOKIE['session']) {
$this = unserialize (base64_decode ($_COOKIE['session']));
}
}
}
function save () {
setcookie ('session', base64_encode (serialize ($this)));
}
function delete () {
setcookie ('session');
unset ($this);
}
}
?>


admin

When I serialized an object and looked into resulting string, I mentioned that all private properties' names were prefixed by class name.
This code:
<?php
       class myclass {
               private $priv1 = "val1",
                          $myclasspriv2 = "val2";
               public $pub = "val3";
       }
       $inst = new myclass ();
       echo serialize($inst);
?>
resulted in (don't look at word wrapping):
O:7:"myclass":3:{s:14:"myclasspriv1";
s:4:"val1";s:21:"myclassmyclasspriv2";
s:4:"val2";s:3:"pub";s:4:"val3";}


pons+phpnet

Warning: serialize() will trim() any strings!
I spent a good hour discovering this. >.<


wiart

Warning: on 64 bits machines,  if you use a long string only composed of numbers as a key in an array and serialize/unserialize it, you can run into problems:
an example code:
$arr["20041001103319"] = 'test';
var_dump( $arr);
$arr_in_str = serialize($arr);
print "Now result is: $arr_in_str<BR />";
$final_arr = unserialize($arr_in_str);
print "The final unserialized array:<BR />";
var_dump($final_arr);
The result:
array(1) { [20041001103319]=>  string(4) "test" }
Now result is: a:1:{i:20041001103319;s:4:"test";}
The final unserialized array:
array(1) { [683700183]=> string(4) "test" }
As you can see, the original array :
$arr["20041001103319"] = "test"
after serialize/unserialize is:
$arr[683700183] = "test"
As you can see,  the key has changed ...
Apparently a problem of implicit casting + integer overflow (I posted a PHP bug report: http://bugs.php.net/bug.php?id=31117)
I tested with the latest 4.3.10 compiled on my laptop (32 bits, Mandrake 9.1) --> no such problem. But compiled on AMD 64 bits (Red Hat Taroon), the problem is present.
Hope this will help some of you to not loose almost a whole day of debugging ;-)


sean

Very short function I made to turn arrays into a string for fwriting, doesnt create unnecessary commas either:
<?
function arraytostring($array){
$text.="array(";
$count=count($array);
foreach ($array as $key=>$value){
$x++;
if (is_array($value)) {$text.=$key."=>".arraytostring($value); continue;}
$text.="\"$key\"=>\"$value\"";
if ($count!=$x) $text.=",";
}
$text.=")";
return $text;
}
?>


erudd

To unserialize a PHP session file, unserlize can not be used directly.
The data must be split, as the php session file also contains the names of the variables which serialize/unserialize do not do.  Here is a simple preg_split that will acomplish the split.. (regex not thuroughly tested, but should work for most all circumstances)
<?php
$session = file_get_contents($session_file);
$data = preg_split('/([A-Za-z_][A-Za-z0-9_]*)\|/',$session,-1, PREG_SPLIT_DELIM_CAPTURE|PREG_SPLIT_NO_EMPTY);
?>
$data[0] will contain the variable name, and $data[1] will contain the serialized data.  so in effect
<?php
$$data[0] = unserialize($data[1]);
?>
will restore that one variable.
just go through the $data array evens being the variable name, odd being the data.  You can use this to create a simple command line session viewer:)


aksel

To serialize objects with fields that contain unicode values use that logic.
Note! Obviously it does not convert correctly possible unicode values in arrays that may be member values of the object. Use an array class for that that inherits from the same base object that implements that serialization;)
<?php
/**
                 * Serializes object with/without unicode fields
                 * Before serializing encodes unicode values
                 *
                 * @return string
                 */
                 public function serialize(){
                      $serialized = array();
                      foreach(array_keys(get_class_vars(get_class($this))) as $key){
                          if(is_array($this->$key) ){
                              eval('$serialized["'.$key.'"] = serialize($this->'.$key.');');
                          }else{
                               eval('$serialized["'.$key.'"] = utf8_encode($this->'.$key.');');
                          }
                      }
                      $str = serialize($serialized);
                      return $str;
                 }
                 /**
                  * Unserializes object with/without unicode fields
                  *
                  * @param string Serialized data
                  */
                  public function unserialize($serialized){
                      $data = unserialize($serialized);
                      foreach($data as $prop => $val){
                          if(is_array($this->$prop) ){
                               $this->$prop = unserialize($val);
                          }else{
                               $this->$prop = utf8_decode($val);
                          }
                      }
                  }
?>


jan

This should be EXTREMELY helpful when you are getting lost in php 4 circular references and sessions or serializing ...
<?php
// this example is for php 4
class Node {
 var $value;
 var $child;
 var $parent;
 var $load;
 var $__destroyed = false;
 function Node($value)
 {
   $this->value = $value;
   global $load;
   $this->load = $load;
 }
 function setParent(&$parent)
 {
   $this->parent = &$parent;
 }
 function setChild(&$child)
 {
   $this->child = &$child;
 }
 /**
 * @return void
 * @desc fake __destroy from a php 4 point of view
 */
 function __destroy()
 {
   $props = get_object_vars($this);
   foreach($props as $propName => $propValue) {
     unset($propValue);
     if(is_object($this->$propName)) {
       if(method_exists($this->$propName, '__destroy') AND $this->$propName->__destroyed !== false) {
         $this->$propName->__destroy();
       }
     }
     if(isset($this->$propName)) {
       unset($this->$propName);
     }
   }
 }
}
header('Content-type: text/plain');
// small load to check the serialized string
$loadSize = 4;
// big load to check leaking
//$loadSize = 32 * 1024;
$load     = str_repeat('.', $loadSize);
for($i = 0;$i<10;$i++) {
 echo '-------------------- '.(memory_get_usage()/1024).' -------------------------'.chr(10);
 
 $serMe = array();
 $serMe['parent'] =& new Node('parent');
 $serMe['child']  =& new Node('child');
 
 /*
  * this will work too !!
  *   $serMe['parent'] = new Node('parent');
  *   $serMe['child']  = new Node('child');
  */
 $serMe['parent']->setChild($serMe['child']);
 $serMe['child']->setParent($serMe['parent']);
 
 
 $str = serialize($serMe);
 
 /*
  * 1.Problem:
  *
  * You have 2 or more objects with circular references to one another.
  * Serializing these objects will result in unexpected behaviour when
  * unserializing them:
  *
  * Former references will become copies.
  *
  * This is because the php serialize handler can not handle references,
  * unless all involved objects, variables ... are within an array(),
  * that will be serialized.
  *
  * This should be selfexplaining (just take a look at the length ...):
  * echo serialize($serMe['parent']);
  * echo serialize($serMe);
  *
  * results in:
  *
  * O:4:"node":5:{s:5:"value";s:6:"parent";s:5:"child";O:4:"node
  * ":5:{s:5:"value";s:5:"child";s:5:"child";N;s:6:"parent";O:4:
  * "node":5:{s:5:"value";s:6:"parent";s:5:"child";R:3;s:6:"pare
  * nt";N;s:4:"load";s:4:"....";s:11:"__destroyed";b:0;}s:4:"loa
  * d";s:4:"....";s:11:"__destroyed";b:0;}s:6:"parent";N;s:4:"lo
  * ad";s:4:"....";s:11:"__destroyed";b:0;}
  *
  * a:2:{s:6:"parent";O:4:"node":5:{s:5:"value";s:6:"parent";s:5
  * :"child";O:4:"node":5:{s:5:"value";s:5:"child";s:5:"child";N
  * ;s:6:"parent";R:2;s:4:"load";s:4:"....";s:11:"__destroyed";b
  * :0;}s:6:"parent";N;s:4:"load";s:4:"....";s:11:"__destroyed";
  * b:0;}s:5:"child";R:4;}
  *
  * PLEASE GIVE THE WORLD PROPER DOCUMENTATION ON THIS (or prove us wrong)
  *
  * 2.Problem:
  *
  * The loop below will result in extensive leaking (use the big $loadsize ...),
  * unless you help yourself and unset all the properties manually
  * see Node::__destroy()
  *
  */

 $serMe['parent']->__destroy();
 $serMe['child']->__destroy();
 $serMe = unserialize($str);
 unset($str);
 $serMe['parent']->value = 'new parent';
 echo '-->'.$serMe['parent']->child->parent->value.chr(10);
 echo '-->'.$serMe['parent']->value.chr(10);
 
 $serMe['parent']->__destroy();
 $serMe['child']->__destroy();
 unset($serMe);
}
?>


01-dec-2004 09:30

This is just a modification of what Alan Reddan (areddan at silverarm dot ie) posted below.
I figured it would be faster than walking an array, and it works wonderfully with cookies
<?php
$data[qwerty] = "blah";
$data[1][a] = "1aa";
$data[2][b] = "2bb";
$data[3][c] = ";;;;;;";
$data[name][first] = "Bob";
$data[name][last] = "Jones";
$data[val] = "This is a real long test string, to see how well the compression works!";
//To Serialise Call :
$string = gzcompress(serialize($data), 9);
setcookie("my_var", $string, time()+60*60*24*60, '/');
//print "String: $string\n
"; //uncomment to see serialized array
//To Unserialize Call
if (isset($_COOKIE[my_var])) {
 $array = unserialize(gzuncompress($_COOKIE[my_var]));
 echo "<pre>";
 print_r($array);
 echo "</pre>";
}
?>
you can replace gzcompress with base64_encode and gzuncompress with base64_decode to have a similar experience
Alan, thanks for the tip though, it got me where I wanted to be!


goetas

the serialize dont function properly when a variable contain a ;
I wrote these two functions that resolve this problem:
this function work only with arrays:
<?php
function base64_unserialize($str){
$ary = unserialize($str);
if (is_array($ary)){
foreach ($ary as $k => $v){
if (is_array(unserialize($v))){
$ritorno[$k]=base64_unserialize($v);
}else{
$ritorno[$k]=base64_decode($v);
}
}
}else{
return false;
}
return $ritorno;
}
function base64_serialize($ary){
if (is_array($ary)){
foreach ($ary as $k => $v){
if (is_array($v)){
$ritorno[$k]=base64_serialize($v);
}else{
$ritorno[$k]=base64_encode($v);
}
}
}else{
return false;
}
return serialize ($ritorno);
}
?>


kris dover

The PHPSerialization class linked in my last comment now supports serialize()'ing java objects to the php serialization text format, thus facilitating a means of data inter-change between php and java communicating against a common php serialized data source.
reverse mappings are as follows:
  _PHP Type_   <-----------------   _Java Type_
     array                            java.lang.Object[]
     int                                java.lang.Byte
     int                                java.lang.Short
     double                           java.lang.Float
     double                           java.lang.Long
     double                           java.lang.BigInteger
     double                           java.lang.BigDecimal
     string                            java.lang.Character
     string                            java.lang.CharBuffer
     string                            java.lang.StringBuffer


deminy

Reply to erudd's post:
The regular expression you used to unserialize a PHP session file won't work if the session file contains string variable which contains character "|".
As I can see now, there is no any regular expression that can easily split data in a PHP session file. To read data from a session file, we may have to write a function to read content from the file, and then parse the content.


hfuecks

Regarding serializing PHP data types to Javascript, following Ivans note below, theres an example at http://www.tekool.net/php/js_serializer/.
The basic serialization looks good although, in its current form, it works on the basis of generating Javascript source which a browser executes as a page loads. Using Javascripts eval() the same can be done with strings containing Javascript if youre working with something like XMLHTTPRequest


dr dot slump

regarding PHP to JS serialization I did some time ago a function which works using "eval" as Harry points out.
<?php
//helper function, returns true if the array is associative
function is_assoc_array( $var ) {
//false if not an array or empty
if ( (!is_array($var)) || (!count($var)) ) return false;

foreach($var as $k=>$v)
if (! is_int($k)) return true;

return false;
}
?>
Serialize function which generates JavaScript's eval's compatible code.
Usage (JavaScript) :
var myVar = eval('<?php js_serialize($phpvar); ?>');

Notes:
Objects and associative arrays are encoded as JS Objects
Doesn't serialize object methods
Serializes 'resource' types as nulls
Assoc. Arrays containing integer keys, those keys are prefixed with 'idx_'
<?php
function js_serialize($var, $recursed = false) {
if (is_null($var) || is_resource($var)) return 'null';
$js = '';

//object or assoc. array
if (is_object($var) || is_assoc_array($var)) {
//typecast to array in the case it could be an object
$props = (array)$var;

foreach($props as $k=>$v) {
//index values are preffixed with 'idx_'
if (is_int($k)) $k = "idx_$k";
$js .= $k.':'.js_serialize($v, true).',';
}
if (count($props))
$js = substr($js, 0, strlen($js)-1);

$js = '{'.$js.'}';
if (! $recursed) $js = "($js)";

} elseif (is_array($var)) {
foreach($var as $v)
$js .= js_serialize($v, true).",";
if (count($var))
$js = substr($js, 0, strlen($js)-1);
$js = "[$js]";

} elseif (is_string($var)) {
   //escape the string
   $var = str_replace( array('"', "\n", "\r"), array('\\"', '\\n'), $var );
   $js = $recursed ? "\"$var\"" : "(new String(\"$var\"))";

} elseif (is_bool($var)) {
$var = ($var)?'true':'false';
$js = $recursed ? $var : "(new Boolean($var))";

} else { //should be an int or a float in theory
$js = $recursed ? $var : "(new Number($var))";
}
return $js;
}
?>


webmaster

People usually use 'hidden' fields when they submit some variables from previous step to the next step even if they have so many varibles to send. It will look like following form.
<form name='tmpForm' method='post' action='nextStep.php'>
<input type='hidden' name='var[name]' value='<?=$var[name]?>'>
<input type='hidden' name='var[id]' value='<?=$var[id]?>'>
<input type='hidden' name='var[address]' value='<?=$var[address]?>'>
<input type='hidden' name='var[age]' value='<?=$var[age]?>'>
<input type='hidden' name='var[gender]' value='<?=$var[gender]?>'>
<input type='hidden' name='var[car]' value='<?=$var[car]?>'>
.
.
.
</form>
Look at the following codes. It is more simplified. I'd better use base64_encode and serialize than stripslashes and serialize.
<form name='tmpForm' method='post' action='nextStep.php'>
<input type='hidden' name='var' value='<?=base64_encode(serialize($var))?>'>
</form>
Have Fun !!!


antonie

Passing of multiple select (single dimensional or even multidimensional) arrays is even harder, even using serialize.

ignatiev

One problem with serialize() is that by default it does NOT alter the object, so nothing prevents you from continuing using you object after serialize()'ing it.
After a while, you or someone else decides to optimize storage of this object and add a __sleep and __wakeup functions; now, serialize()'ing this same class calls __sleep() member function, potentially changing the object - old code unexpectedly breaks.
Possible solutions: in the above scenario old code would most likely still work if __sleep() only creates new object variables, not altering existing ones.  Another option is to always call __wakeup(), if it exists, after each serialize(), or immediately destroy the object if it is no longer used.


brucecompanys

O.o
I sampled your detection and it's bloody idiocy!
Try this:
<?php
$string = "hello, my name is Bruce!";
$string = serialize($string);
echo $string;
echo "<br />";
echo unserialize($string);
?>
Displays:
s:25:"hello, my name is Bruce!"
hello, my name is Bruce!
Bruce


eggyknap

My thanks to the editor who pointed out the serialization bug. According to the bug report, this should be fixed in version 5.0.4, and is confirmed fixed in v 5.0.5. Unfortunately I'm not in a position to update my installation, but I found that passing the serialized string through addslashes before saving it to the database does the trick. It may be a bit inefficient, but it works.

cjmeyer

More on troubles with recursive object references and serialization.
In my PHP 4.2.2 the solution suggested above (by james at gogo dot co dot nz), to pass a reference to the object to serialize(), does not help.  There are still multiple copies of the objects woken up, and the recursive reference is no longer recursive.
The only solution I have found is to use the __sleep and __wakeup magic functions to only serialize the link one-way, then recreate it manually on unserialize.  This isn't too difficult;  here is some code demonstrating this approach:
class A {
 var $data = Null;
 var $b = Null;
 function A($data, $bData) {
   $this->data = $data;
   $this->b = new B(&$this, $bData);
 }
 function printData() {
   print 'A thinks A data is ' . $this->data . "\n";
   print 'A thinks B data is ' . $this->b->data . "\n";
 }
 function __sleep() {
   print "A is going to sleep.\n";
   return array('data', 'b');
 }
 function __wakeup(){
   print "A is waking up.\n";
   $this->b->reLinkA($this);
 }
}
class B {
 var $data = Null;
 var $a = Null;
 function B(&$a, $data) {
   $this->a =& $a;
   $this->data = $data;
 }
 function printData() {
   print 'B thinks A data is ' . $this->a->data . "\n";
   print 'B thinks B data is ' . $this->data . "\n";
 }
 function __sleep() {
   print "B is going to sleep.\n";
   return array('data');
 }
 function __wakeup(){
   print "B is waking up.\n";
 }
 function reLinkA(&$a) {
   $this->a =& $a;
 }
}
$a = new A("origAdata", "origBdata");
print '<pre>';
print "I think A data is " . $a->data . "\n";
print "I think B data is " . $a->b->data . "\n";
$a->printData();
$a->b->printData();
$serA = serialize($a);
$newA = unserialize($serA);
$newA->data = 'newAdata';
$newA->b->data = 'newBdata';
print "I think new A data is " . $newA->data . "\n";
print "I think new B data is " . $newA->b->data . "\n";
$newA->printData();
$newA->b->printData();


jeex

It may be worth noting that, depending on the size of the object you are serializing, the serialize function can take up a lot of memory.
If your script isn't working as expected, your serialize call may have pushed the memory usage over the limit set by memory_limit in php.ini.
More info on memory limits here: http://www.php.net/manual/en/ini.core.php


s dot marechal

In response to gafunchal NOSPAN at inf dot ufrgs dot br:
What you are seeing is not a bug in PHP's serialize() function, but a side-effect of the floating point type. Floats are inherintly inaccurate and you are seeing it's inaccuracy.
More information about IEEE floats:
http://www.math.byu.edu/~schow/work/IEEEFloatingPoint.htm
http://www.codeguru.com/forum/printthread.php?t=323835


jouhni jouhni

In order to save serialized values in cookies you have to pay attention to the following:
A serialized array looks like this:
a:2:{i:0;s:9:"Element 1";i:1;s:9:"Element 2";}
Because quotation marks are saved with a backslash in front of it in cookies it is not possible to unserialize a cookie-saved serialized array. You have to do a stripslashes() before unserializing the cookie.


dan

In order to safely unserialize a complex object in any context, it is wise to save two files at the time of serialization (or save the file in two parts).  One file will contain the result of get_included_files() at the time of serialization and the other file contains the serialized version of the object.  To unserialize, simply read in the included file list and call include_once on all of those files and then call unserialize on your object data.
While this may be slightly inefficient because certain files that were included are no longer needed (maybe they were only needed when creating the object), at least you can be sure the object data is going to come out of serialization okay.
Note: If you stick to the convention of classes beginning with uppercase (and the filenames following the classnames) then you can even filter the get_included_files() list to get only the class definition files.


brooklynphil hotmail com

In my experience of the (far and few in between) times when it is necessary to store large (megabytes) amounts of data in a php-readable ascii file format, using var_export() and require() is much faster serialize() and unserialize(file_get_contents()) (I have tested it on classes encapsulating arrays, i.e. <?php class blah { $a = array(megsofstuffhere); $b = array(megsofstuffhere); $c=... }; $data = new blah ?>)   (var_export is also more readable and notepadable than serialize!)
However, since var_export produces only the rvalue (or uninstantiation), of the data needed, dont forget to cosmetically modify output of var_export( , true): in case of classes, you will need to use "$var = new classname" (and rename a possible stdClass) and in case of arrays, etc, just use "$var = ".var_export().  The file being var_export()ed to and require()ed must also be encapculated in "<?php ?>" when written to (or else its just dumped to browser/stdout as a textfile).
Hope this helps :)
--Phil
P.S. (in cases of small amounts of data, serialize is better, especially for cross-URL data transport using <?php base64_encode(gzdeflate(serialize()))?>)


jasbarne nospam indiana spamsucks edu

ignatiev at users dot sourceforge dot net and others using __sleep():
If you decide to add this functionality (for whatever reason) you can serialize a modified copy of the object instead of the original object.  There's added overhead of copying, but doing this allows you to continue using the original object after you've serialize it.


sbarnum

If you're having trouble with serialized strings, try this function.  Pass it the name of an array whose value you want to include in hidden form inputs, a url, or session variable.  Works with strings or multidimensional arrays.
<?php
   //////////////////////////////////////////////
   // propogate v0.8 by sbarnum
   // method can be 'form' or 'url' or 'session'
   //////////////////////////////////////////////
function propogate ($arrayName, $method='form', $arrayData=''){
   if($arrayData){
       // custom values passed to array, use these instead of globals
       ${$arrayName} = $arrayData;
   }else{
       // use global values
       global ${$arrayName};
   }
   if ($method == "session"){
       session_register(${$arrayName});
       return TRUE;
   }
   @reset(${$arrayName});
   while (list($key,$value)=@each(${$arrayName})){
       if (is_array($value)){
           $subArrayName = $arrayName . "[" . $key . "]";
           $html .= propogate ($subArrayName, $method, $value);
       }else{
           switch ($method){
               case "form":
               $html .= "<INPUT type='hidden' name='".$arrayName."[".$key."]' value='".htmlspecialchars($value)."'>\n";
               break;
               case "url":
               $html .= "&".$arrayName."[".$key."]=" . urlencode($value);
               break;
           }
       }
   }
   return $html;
}
?>


php barryhunter co uk

if you wanting to do something similar to 'mwwaygoo AT hotmail DOT com', then you may want to look at the built in function var_export.
"var_export() gets structured information about the given variable. It is similar to var_dump()  with one exception: the returned representation is valid PHP code."


kjh90

If you want to put serialized data into DB, you have to add slashes.
At this point, there's a problem. If you got data via HTTP POST method, the data has slashes already. I tried to work with "array_walk" or "array_map", but it doesn't work when the data has array.
So make extended stripslashes function.
<?php
function my_stripslashes($vals) {
if (is_array($vals)) {
foreach ($vals as $key=>$val) {
$vals[$key]=my_stripslashes($val);
}
} else {
$vals = stripslashes($vals);
}
return $vals;
}
$data = addslashes(serialize($_POST));
...
$SQL="insert into DB() values($data)";
...
$SQL="select data from DB";
...
$data = my_stripslashes($data);
...
?>


mary

If you use serialize() to easily convert an array to a sort of string which you can add to a URL, pay attention to the length of the serialized array.
A URL has a limit when it comes to passing variables and values and it cuts off whatever is over limit. If your serialized array is too long, it will be cut off and you will end up with strange results on your other pages.


info

If you are using Cache_Lite from pear.php.net and if you are logging in your users using cookies, use this cache-ID for example:
<?php
$cache_id = base64_encode($_SERVER['REQUEST_URI'] . serialize($_COOKIE));
?>
This will create a new page in cache when a user logs in. Anyway he can't login properly. Works fine for me.
Sorry for my broken English.


embeded nulls with private vars

If you are serializing an object with private variables, beware. The serialize() function returns a string with null (\x00) characters embedded within it, which you have to escape. Not great if you're trying to save objects into a DB...

stephen dot adamson

If you are serializing an object to store it in the database, using __sleep() can save you some space. The following code will not store empty (null) variables in the serialized string. For my purposes this saved a lot of space, since some of the member variables would not be given values.
function __sleep()
{
   $allVars = get_object_vars($this);
   $toReturn = array();
   foreach(array_keys($allVars) as $name)
   {
       if (isset($this->$name))
       {
           $toReturn[] = $name;
       }
   }
   return $toReturn;
}


mc_gurk

If you are going to serialie an object which contains references to other objects you want to serialize some time later, these references will be lost when the object is unserialized.
The references can only be kept if all of your objects are serialized at once.
That means:
$a = new ClassA();
$b = new ClassB($a); //$b containes a reference to $a;
$s1=serialize($a);
$s2=serialize($b);
$a=unserialize($s1);
$b=unserialize($s2);
now b references to an object of ClassA which is not $a. $a is another object of Class A.
use this:
$buf[0]=$a;
$buf[1]=$b;
$s=serialize($buf);
$buf=unserialize($s);
$a=$buf[0];
$b=$buf[1];
all references are intact.


corey

If this helps anybody, I was looking for a few quick calls to cache stuff to files. I settled on the below functions. By the way, if I am doing something stupid here, I'd appreciate some comments on that also. Anyway, on with the code:
First, the usage:
//Use:
$var = tuncache('MyCacheName');
if (is_null($var)) {
$var = 'a really expensive process';
$check = tcache('MyCacheName', $var, '+25 minutes');
if (is_null($check)) {
die('I need to reset my permissions or get a bigger hard drive');
}
}
//use $var now
Now, the functions:
//uses strtotime to decide how long to cache $cacheVar based on $lifespan
//so anything but a timestamp works. +1 day works, 09/14/2010 works, etc
function tcache($cacheName, $cacheVar, $lifespan=null) {
if (!is_null($lifespan)) { //a lifespan was provided
if (strpos($lifespan, '+') === 0 || strpos($lifespan, '-') === 0) {
//Have to do this to counter for bug in php5 to
//properly evaluate now to do the date math
$endTime = strtotime(date('m/d/Y H:i:s') . ' ' .$lifespan);
} else {
//we can safely use anything else I think
$endTime = strtotime($lifespan);
}
} else {
//cache forever (forever being ten years) until manually deleted
$endTime = strtotime(date('m/d/Y H:i:s') . ' +10 years');
}

$cVal = serialize($cacheVar);
$file = tFindcache($cacheName);
$result = true;

$f = fopen($file, 'w');
if ($f === false) {
$result = null; //barf if we can't open the file
} else { //write the cache
fwrite($f, $endTime . "\n");
fwrite($f, $cVal);
fclose($f);
}

return $result;
}
function tuncache($cacheName) {
$file = tFindCache($cacheName);
if (is_readable($file)) {
//open file
$f = fopen($file, 'r');
$time = time();
$expTime = trim(fgets($f));
//check time
if ($time > $expTime) {
//It expired
$result = null;
} else {
//Read it and unserialize it
$data = fread($f, filesize($file));
$result = unserialize($data);
}
} else {
//barf
$result = null;
}

return $result;
}
//just to set a few options for setting where to save stuff
function tFindCache($cacheName) {
if (isset($_ENV['PHP_CACHE_PATH'])) {
$cachePath = $_ENV['PHP_CACHE_PATH'];
} else if (isset($_SERVER['PHP_CACHE_PATH'])) {
$cachePath = $_SERVER['PHP_CACHE_PATH'];
} else {
$cachePath = './'; //Potential danger here
}

$cachePath .= 'PHP_CACHE_' . $cacheName . '.cache';

return $cachePath;
}


me-no-spam-iain

i've just been having fun with the Serializable interface. The big prob is that get_class_vars does not return the current values of the vars, and get_object_vars does not return private members :-( this behaviour was alledgedly fixed in cvs march 2005, but is back again!! i've reported it here:
http://bugs.php.net/bug.php?id=36693
the following are serialize and unserialize functions that will allow you to implement the Serializable interface, saving all members' current values and giving any extending classes the opportunity to add in any of their private member variables as well.
       public function serialize()
       {
           $serialized = array();
           foreach(array_keys(get_class_vars(__CLASS__)) as $key)
               eval('$serialized[\''.$key.'\'] = $this->'.$key.';');
           $this->serializeMore($serialized);
           return serialize($serialized);
       }
       protected function serializeMore(&$arr)
       {
       }
       public function unserialize($serialized)
       {
           $data = unserialize($serialized);
           foreach($data as $prop => $val)
               $this->$prop = $val;
           $this->unserializeMore($data);
           $this->releaseTable();
           return true;
       }
       protected function unserializeMore($data)
       {
       }


paul

I was trying to submit a serialized array through a hidden form field using POST and was having a lot of trouble with the quotes. I couldn't figure out a way to escape the quotes in the string so that they'd show up right inside the form, so only the characters up to the first set of quotes were being sent.
My solution was to base64_encode() the string, put that in the hidden form field, and send that through the POST method. Then I decoded it (using base64_decode()) on the other end. This seemed to solve the problem.


16-jan-2006 03:47

I use PHP 4.3.10 and I found out that if you use a class "MyClass", the constructor of the class must be called "__construct()" and NOT "MyClass()" like in Java or other languages.
If you use the "MyClass()" constructor, the following won't work :
   $_SESSION['obj_my_class'] = new MyClass();
If you don't believe me, you can have a look in the directory "session.save_path" (default /var/lib/php4) where is stored the session's file. You will see this :
   obj_my_class|N;
and not your complete class!
It took me almost one day to understand what was happening... :-(


iam4webwork

I think an example is in order to specify what is meant by "returns a string containing a byte-stream representation of value that can be stored anywhere."
Here's an example:
<?php
echo serialize("php");
?>
Result is as follows:
s:3:"php";
The cryptic result is a string indicating that the serialized data is itself a string of 3 bytes whose value is "php".


angel

I recently had a problem inserting serialized array in mysql DB using PEAR DB_Base class functions. mySQL fails to insert the serialized array because the serialized data contains semicolon. A way to solve that problem is to make same changes to the serialized data:
$serializeorder = serialize($order);
$serializeorder = preg_replace("#;#msi",'0x3B',$serializeorder);
$serializeorder = preg_replace("/(\n)|(\r)/"," ",$serializeorder);
$serializeorder = addcslashes($serializeorder, "\0..\37!@\@\177..\377");
$serializeorder = addslashes($serializeorder);
Here we substitute the semicolon with it's hex. We alse get rid of cariage return. Remember to make the vise versa substitution again when extracting the data.


lacent

i noticed the same problem related to quotes, but the person below had no code detailing it. i can only assume he wrote it to fix values, and not to fix the whole array, so heres 2 functions to handle encoding the array.
function slw_serial ( $var = array(), $recur = FALSE )
{
if ( $recur ) {
foreach ( $var as $k => $v )
{
if ( is_array($v) ) {
$var[$k] = slw_serial($v, 1);
} else {
$var[$k] = base64_encode($v);
}
}
return $var;
} else {
return serialize(slw_serial($var, 1));
}
}

function slw_unserial ( $var = FALSE, $recur = FALSE )
{
if ( $recur ) {
foreach ( $var as $k => $v )
{
if ( is_array($v) ) {
$var[$k] = slw_unserial($v, 1);
} else {
$var[$k] = base64_decode($v);
}
}
return $var;
} else {
return slw_unserial(unserialize($var), 1);
}
}
---------
USAGE:
---------
$array = array();
$array[] = 'this "is a" test';
$array[] = array('pos'=>'test', 'name'=>'some "dude in" cali');
$array = slw_serial($array);
echo $array . '<Br>
';
$array = slw_unserial($array);
echo print_r($array, 1);


james

I just spent an hour rifling through code to find the cause of a problem
only to find it's an oddity with serialization and recursive objects, so
figured I'd post for the next person who gets the same problem.
********************************* Symptoms *********************************
When unserializing a previously serialized object, the __wakeup() function
is mysteriously called more than once, and the accessing the objects
properties from the "outside" gives different results than accessing them
from an object contained within the object and holding  a recursive
reference to the object.
********************************** Example *********************************
<?php
class foo2 {
       var $foo = NULL;
       function foo2(&$foo) {
               $this->foo =& $foo;
       }
       function fooName() {
               echo 'foo2 thinks foo->name is ' . $this->foo->name . '
';
       }
}
class foo {
       var $name  = 'unnamed';
       var $foo2 = NULL;
       function foo() {
               $this->foo2 =& new foo2($this);
       }
       function fooName() {
               echo 'foo thinks foo->name is ' . $this->name . '
';
       }
       function __wakeup() {
               echo "foo is waking up
";
       }
}
$myFoo         =& new foo();
$myFoo->name   = 'myFoo';
echo "I think foo->name is {$myFoo->name}.
";
$myFoo->fooName();
$myFoo->foo2->fooName();
$serializedFoo = serialize($myFoo);
$myNewFoo      = unserialize($serializedFoo);
$myNewFoo->name = 'myNewFoo';
echo "I think foo->name is {$myNewFoo->name}.
";
$myNewFoo->fooName();
$myNewFoo->foo2->fooName();
?>
********************************** Analysis ********************************
execution of the example produces...
I think foo->name is myFoo.
foo thinks foo->name is myFoo
foo2 thinks foo->name is myFoo
foo is waking up
foo is waking up
I think foo->name is myNewFoo.
foo thinks foo->name is myNewFoo
foo2 thinks foo->name is myFoo
We can see that the first three lines are as expected, however we see
__wakeup is happening twice, and then the final line is in error as foo2
apparently does not see the changed name.
What is happening is that there are actually two seperate foo objects being
deserialized, the "top level one" and the one that was originally
referenced in foo2, that is, the reference is not being serialized as a
reference but rather a whole object.  This is evident in the two __wakeup()
calls, there are two foo objects being woken up.
******************************** Solution **********************************
The solution is very simple, when serializing it is necessary to force the
passing of a reference to the top-level object being serialized thus..
$serializedFoo = serialize(&$myFoo);
with that form of the serialization (note the ampersand to force passing of
reference), the example produces the following..
I think foo->name is myFoo.
foo thinks foo->name is myFoo
foo2 thinks foo->name is myFoo
foo is waking up
I think foo->name is myNewFoo.
foo thinks foo->name is myNewFoo
foo2 thinks foo->name is myNewFoo
We note now there is only one __wakeup() call being made and that all
parties agree on the name property of the foo object.
******************************** Notes ************************************
I was of the belief that ampersand's in the arguments to functions was
deprecated in favour of ampersands in the function's parameter list
declaration (i.e instead of "blah(&$my_thing)" we declare blah as "function
blah(&$your_thing) {...}"), however this required use of serialize seems to
contravene this deprecation as it is plainly necessary to use the ampersand
in the function call here.  Perhaps this is a hold-over from earlier times
and will be changed in the future ?
--
James Sleeman (http://www.gogo.co.nz/)


scott

I have written a perl module that does the same thing as PHP's serialize() and unserialize() commands so that Perl can now serialize and unserialize data in the same format as PHP.
It's quite handy for storing information in databases or files (or anywhere, really) that both PHP and Perl scripts need to read from and write to.
It supports string, double, integer, and array types (no object or reference support).
It's free code, too. :)
URL: http://hurring.com/code/perl/serialize/


friday13

I have problem to use serialize function with hidden form field and the resolution was use htmlentities.
Ex.:
<?
$lista = array( 'pera', 'maça', 'laranja' );
print "< input type='hidden' name='teste' value='htmlentities( serialize( $lista ) )'" >";
?>


pli9

I have also written some code for importing serialized PHP data into PERL and then writing it back into PHP.  I think the similar library posted above is actually more robust for a few select cases, but mine is more compact and a little easier to follow.  I'd really like comments if anyone finds this useful or has improvements.  Please credit me if you use my code.
http://www.hcs.harvard.edu/~pli/code/serialPHP.pm


nothanks

I had to put a massive multidimensional array in a single field in the database. Unfortunatly the array contained lots of "forbidden" characters: ", ', ;, :, and so on and so forth, breaking the query and my later attempts at deserialize().
Here's a quick and dirty solution:
<?php
$safe_string_to_store = base64_encode( serialize( $multidimensional_array ) ) ;
?>
And in the other end:
<?php
$encoded_serialized_string = dbh->query("SELECT archives_arr FROM ". $table_name . " WHERE id=0")
$array_restored_from_db = unserialize( base64_decode( $encoded_serialized_string ));
?>


pavic

Hi, if You get code like
d:234 and than string You wanted, it's the problem, that
s dot marechal at jejik dot com
explanied.
Well, here is a workaround for that problem, function safe serialize, which won't produce that unwanted chars...
function safe_serialize($string) {
return preg_replace("/(\n)|(\r)/"," ",$string);
}


rodrigo

Hi!
If you wanna save all the POST data and reload it again in another time... you can use this:
(Thanks for my_stripslashes() function ;-)
<?php
// saving POST
if ($REQUEST_METHOD=="POST") {
   $fp = fopen("postData.txt","w");  
 $data = addslashes(serialize($_POST));
 fwrite($fp, $data);
  fclose($fp);
}
// reloading POST and passing to variables
if (file_exists("postData.txt")) {
 $data = file("postData.txt");
 $data = my_stripslashes($data[0]); // catches it in some message above
 $postData = unserialize($data);
   extract($postData, EXTR_OVERWRITE);
}
?>
Now you have all variables from old POST in your actual script.
Well useful when you have a great form very used and of course, DEPENDING of your tool.


alexander podgorny

Here is an example of a base class to implement object persistence using serialize and unserialize:
<?
class Persistent
{
var $filename;

/**********************/
function Persistent($filename)
{
$this->filename = $filename;
if(!file_exists($this->filename)) $this->save();
}
/**********************/
function save()
{
if($f = @fopen($this->filename,"w"))
{
if(@fwrite($f,serialize(get_object_vars($this))))
{
@fclose($f);
}
else die("Could not write to file ".$this->filename." at Persistant::save");
}
else die("Could not open file ".$this->filename." for writing, at Persistant::save");

}
/**********************/
function open()
{
$vars = unserialize(file_get_contents($this->filename));
foreach($vars as $key=>$val)
{
eval("$"."this->$key = $"."vars['"."$key'];");
}
}
/**********************/
}
?>
When an object is extended from this one it can be easily saved and re-opened using it's own methods as follows:
<?
class foo extends Persistent
{
  var $counter;
  function inc()
  {
      $this->counter++;
  }
}
$fooObj = new $foo;
$foo->open();
print $foo->counter; // displays incrementing integer as page reloads
$foo->inc();
$foo->save();
?>


andrea

Hello!
Here you can find a JavaScript Object that should serialize JS vars for PHP and unserialize PHP vars for JavaScript.
http://www.devpro.it/javascript_id_102.html
Please read notes inside the code to know more about vars compatibility.
It was created to resolve AJAX interaction and maybe usefull for other situations .... such:
<?php
// example nested array
$myarray = array(
true,
123,
array(
'nested',
array(
1,
'test'=>false
)
),
'other'=>'value'
);
// array serializzation
$serialized = serialize($myarray);
?>
<script type="text/javascript" src="PHP_Serializer.js"></script>
<script type="text/javascript">
// function to dump an object
function showObject(obj, level) {
var l = '';
var tmp = '';
for(var a = 0; a < level; a++)
l += '[_]';
for(var a in obj) {
var type = typeof(obj[a]);
if(type == 'object')
tmp += showObject(obj[a], (level + 1));
else
tmp += l + ' key: ' + a + ' = value: ' +
obj[a] + ' < ' + type + '\n';
}
return tmp;
}
// new PHP_Serializer variable
var php = new PHP_Serializer();
// dinamyc JS var creation
var myJSvar = php.unserialize("<?php echo str_replace('"', '\\"', $serialized); ?>");
// look at dump :-)
alert(showObject(myJSvar, 0));
</script>
Regards


mwwaygoo

Hello people,
I had major problems getting serialize to work properly, as I wanted to sync two databases via email, and needed a way of converting a retrieved row to a string. It works the reverse of array(), in that it creates a statement that you can use to evaluate to the original array, so I called it unarray().
Its a recursive function (self calling), so it doesnt matter how complex the array is.
<?php
$source=array(1,4,'x'=>'test');
$text=unarray($source);
$destination=array(); // prime the variable incase of failure.
eval('$destination='.$text);
print_r($destination);
// unarray.php    REVERSE of array();
function unarray($array, $first=TRUE)
{
$text="";
if(is_array($array))
{
$text.="array(";
while(list($key,$value)=each($array))
{
if(is_string($key))
{
$text.="'".$key."'";
}
else
{
$text.=$key;
}
$text.="=>";
$text.=unarray($array[$key], FALSE);
}
$text=$text."), ";
}
else
{
if(is_string($array))
{
$text.="'".addslashes($array)."', ";
}
else
{
if(is_bool($array))
{
if($array)
{
$text.="TRUE, ";
}
else
{
$text.="FALSE, ";
}
}
else
{
if(is_null($array))
{
$text.="NULL, ";
}
else
{
$text.=$array.", ";
}
}
}
}
if($first) $text=substr($text,0,-2).";";
return $text;
}
?>
p.s. I realise that it also creates unnecessary commas, but these are ignored when re-creating it. array(1,2,) is the same as array(1,2).


btbeat

Generally when I do an insert into a database table of posted data, I use the recommended mysql_real_escape_string function, with stripslashes if the get_magic_quotes_gpc is on.
<?php
function prepData($var) {
 if (get_magic_quotes_gpc()) {
   $var = stripslashes($var);
 }
return mysql_real_escape_string($var);
}
?>
I've been having a problem inserting a serialized array into a MySQL database that contained single and double quotes for values.
ex: "quotes" => "some 'quoted' "text""
you'd think it would be:
a:1:{s:6:"quotes";s:20:"some 'quoted' "text"";}
as prepData function would strip the slashes.
However, what goes into the database is:
a:1:{s:6:"quotes";s:24:"some 'quoted' "text"";}
as if there are slashes before the single and double quotes.
Obviously on unserializing the data, there is an error, as 24 chars are expected, when there are only 20.
So, the solution I've coded for my safe insert prepData function is:
<?php
function prepData($var, $serialized = 0) {
 if( $serialized == 0 )  {
   if (get_magic_quotes_gpc()) {
     $var = stripslashes($var);
   }
 }
return mysql_real_escape_string($var);
}
?>
when inserting plain data from a post:
<? $data = prepData($data); ?>
for serialized data:
<? $data = prepData($data, 1); ?>
cracked my head on this one a bit :|
strange behaviour for serialize(), i.e. string count, counts slashes that are not there.


krisdover

For anyone looking for a way to import PHP serialized variables into java as java Objects; I have written a simple class to unserialize strings containing PHP serialized variables. It makes the follow type mappings:
 _PHP_Type_   --------->   _Java_Object_Type_
    array                            java.util.HashMap
    int                                java.lang.Integer
    double                           java.lang.Double
    boolean                         java.lang.Boolean
    string                            java.lang.String
and it does not presently support the PHP Object type.
Download the source code here: http://lappy.gotdns.com/drupal/files/PHPSerialization.java
Regards


ates goral

Corrections/clarifications to  "Anatomy of a serialize()'ed value":
All strings appear inside quotes. This applies to string values, object class names and array key names. For example:
s:3:"foo"
O:7:"MyClass":1:{...
a:2:{s:3:"bar";i:42;...
Object property names and values are delimited by semi-colons, not colons. For example:
O:7:"MyClass":2:{s:3:"foo";i:10;s:3:"bar";i:20}
Double/float values are represented as:
d:0.23241446


andrew dot morrison

Correction to my last note:
__sleep should return an array only containing the names of instance-variables to serialize.
A simple (if not a little wasteful) hack to serialize all but a few class vars is to use get_class_vars as follows:
<?php
class strawman
{
 var $good_var;
 var $lame_var;
 function __sleep()
 {
   print "Function __sleep() called\n";
   $vars = get_class_vars('strawman');
   unset($vars['lame_var']);
   return array_keys($vars);
 }
 function __wakeup()
 {
  print "Function __wakeup() called\n";
 }
 function strawman() { }
}
session_start();
if(session_is_registered('strawman'))
{
 print("session data:\n");
 print_r($_SESSION['strawman']);
 session_destroy();
}
else
{
 $strawman =& new strawman();
 session_register('strawman');
 print("new session data:\n");
 print_r($_SESSION['strawman']);
}
?>


18-jul-2001 02:39

BEWARE: if you serialize to store values on a database, and the variables you are serializing already have the " (double-quote) char, you may have a problem. After serializing you will have var delimiters as " and content " (double-quotes) escaped, but your databse may just treat them like the same. You end up with a failed unserialize. You want something like:
a:5:{s:9:"this is a \"quote\"";a:1:{s:(ETC)
And not:
a:5:{s:9:"this is a "quote"";a:1:{s:(ETC)
So just make sure you double escape content quotes ...
It's simple, but i can't explain it any simpler =(


abk

BEWARE: if you are serializing a complex object with recursive references, serialize a reference to the object. Otherwise you'll get strange and mysterious results.
Always this: $str = serialize(&$object);
not this: $str = serialize($object);


neil green

Are you trying to store and retrieve an object from session and it's disappearing?  Did you look at what the serialized object looked like and saw a strange "N;"?  Does the object you're trying to serialize or store in a session define the __call magic method?
Here's the problem:  If you try to serialize an object that uses the __call magic method you are not going to be able to unserialize it.
Here's what happens:
1.  You try to serialize an object with the __call magic method defined
2.  The magic method __sleep is always called on an object being serialized
3.  __call traps __sleep because it's not defined
4.  __call does not respond to __sleep with what is expected: an array of properties to serialize
The solution is defining a __sleep method that returns what it's supposed to when you define a __call:
<?
// This is just a handy debug function
function show( $object ){ echo "<pre>" . print_r( $object, true ) . "</pre>"; }
class foo
{
private $private = "private value";
public $public = "public value";

public function __call( $method, $arguments )
{

}

// Remove this and serialise/unserialse won't work
public function __sleep()
{
return array_keys( get_object_vars( $this ) );
}
}
$foo = new Foo();
show( $foo );
$serializedFoo = serialize( $foo );
show( $serializedFoo );
show( unserialize( $serializedFoo ) );
?>
BTW, I'm using PHP Version 5.0.4 on Windows.
To the editor:  This post may be useful under the __call, __unserialise, and session pages as well.


varrah no_garbage_or_spam

andrea at 3site dot it gave a link for a JavaScript serialization class, but be prepared! This class works only on single-byte symbols, since JS str.length property gives the length of the string in SYMBOLS, not bytes (as PHP serialize() does), so a Unicode string JS-serialized in a way like:
strSerialized = "s:" + strOriginal.length + ":" + strOriginal;
will not be unserialized correctly by PHP.


richard dot prangnell

Although the serialise function has its proper uses, it is a relatively slow process. I try to avoid using it wherever possible in the interests of performance. You can store text records in a database as plain text even when it contains PHP variables. The variable values are lost, naturally; but if they can easily be re-attached to retrieved records, zillions of clock cycles can be saved simply by using the str_replace() function:
 if($convert)
 {
   $mainContent = str_replace('$fixPath', $fixPath, $mainContent);
   $mainContent = str_replace('$theme', $theme, $mainContent);
 }
The above snippet is used in a CMS project. $fixPath contains  something like '.' or '..' to prepend relative paths (allowing the record to be used by scripts located in different parts of the directory hierarchy) and $theme inserts the name of the users custom page rendering scheme, which obviously would be undefined at record storage time anyway.


gleb

About serializing the arrays via hidden fields:
1st page:
$arr1 = array("HELLO");
<input type="hidden" name="arr1" value="&lt;? echo urlencode(serialize($arr1)); ?>">
2nd page:
$arr2 = unserialize(urldecode($arr1));
Important: you have to use urldecode function not stripslashes, simply won't work.


nargy

About serialize/unserialize on objects:
Use this class to unserialize objects :
<?php
class Unserializable
{
 function unserialize($str)
 {
   $ary=unserialize($str);
   for(reset($ary);$kv=each($ary);)
   {
     $key=$kv[key];
     if (gettype($this->$key)!="user function")
       $this->$key=$kv[value];
   }
 }
}
?>


alexei dot filine

A simple way to transfer PHP variables between PHP scripts running on different hosts can be done with HTTP_Request PEAR module. I think it is much more fast way than one done with XML-RPC but less portable (there were described ways to exchange vars between Perl and PHP below). Recieved PHP obects are required to be created before recieving by class definition similar to definition used on sending side. A script sending variable must output nothing except data sent by function 'sendVariable' so a 'composite variable' is to be used to transfer some variables by one request.
<?php
// exchange-protocol.php
ini_set( 'include_path', '.' );
require_once "config.php"; // set $PEAR_path
ini_set( 'include_path', ini_get( 'include_path' ).$PEAR_path );
// PEAR module
require_once "HTTP/Request.php";
// magic words for HTTP header
$gzcompressed_serialized_type = 'application/serialized_gzcompressed_PHP_variable';
$serialized_type = 'application/serialized_PHP_variable';
$compression_flag_name = '_compressionFlag_';
// Date in the past
header( "Expires: Mon, 26 Jul 1997 05:00:00 GMT" );
// always modified
header( "Last-Modified: ".gmdate( "D, d M Y H:i:s" )." GMT" );
// returns non-zero on success
function recieveVariable( $url,
 &$var,
 $user = '',
 $passw = '',
         $compression_flag = 1 ) {
global $gzcompressed_serialized_type;
global $serialized_type;
$req =& new HTTP_Request( "" );
  $req->setURL( $url );
  $req->setMethod( HTTP_REQUEST_METHOD_POST );
  // set user/password if required
if ( $user && $passw ) {
  $req->addPostData( $user,
                    $passw );
}
  $response = $req->sendRequest();
  $req->clearPostData();
if ( $compression_flag ) {
$req->addPostData( $compression_flag_name, 1 );
}
  if ( PEAR::isError( $response ) ) {
    echo $response->getMessage();
  } else {
        $header = $req->getResponseHeader();
        if ( $req->getResponseCode() != 200 ||
            ! ( $header['content-type'] == $gzcompressed_serialized_type ||
                   $header['content-type'] == $serialized_type ) ) {
                // type error message
                echo $req->getResponseBody();
        } else {
                if ( $header['content-type'] == $gzcompressed_serialized_type )
{
                        $data = gzuncompress( $req->getResponseBody() );
                } else {
                        $data = $req->getResponseBody();
                }
                $var = unserialize( $data );
return 1;
        }
}
return 0;
}
// just for extra flexibility, if data chunk is small enough we can skip gzipping on the sending side: $compression_flag = 0;
// in other case we use client preference: $compression_flag = $_REQUEST[$compression_flag_name];
function sendVariable( &$var, $compression_flag = 1 ) {
global $gzcompressed_serialized_type;
global $serialized_type;
// Date in the past
header( "Expires: Mon, 26 Jul 1997 05:00:00 GMT" );
// always modified
header( "Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
if ( $compression_flag ) {
// set specialised content type to inform about data type
header( 'content-type: '.$gzcompressed_serialized_type );
echo gzcompress( serialize( $var ) );
} else {
// set specialised content type to inform about data type
header( 'content-type: '.$serialized_type );
echo serialize( $var );
}
}
?>
on client side:
<?php
...
require_once "exchange-protocol.php";
...
if (recieveVariable( $url, $var) ) {
   // success...
} else {
   // there was something wrong...
}
?>
on the server side:
<?php
...
require_once "exchange-protocol.php";
...
// there must not be output before the function is called!!! execution is to 'die' if an error occures.
sendVariable( $var, $compression_flag )
?>


markroedel

A call to serialize() appears to mess with the array's internal pointer.  If you're going to be walking through your array after serializing it, you'll want to make a call to reset() first.

aaron dot krohn

@ nothanks
you should be able to prevent your serialized array from breaking the query by escaping it.
$nested_array = serialize($array);
$query_safe = mysql_real_escape_string($nested_array);


gafunchal nospan

(please, excuse my poor English)
'serialize' does strange things with floats, this code:
 $a = 3.14;
 $s = serialize($a);
 $fp = fopen("storage", "w");
 fwrite($fp, $s);
 fclose($fp);
outputs something like (PHP 5.0.2):
d:3.140000000000000124344978758017532527446746826171875;
I wonder why serialize doesn't store data (not only float, I mean all types of data) in a more 'economic' format. Maybe binary is not the best option (there can be trouble storing it in databases), but there are still a lot of other possibilities.


areddan

<?php
/*
This is an array_walk style serialize that works with multi dimensional arrays, it also base64 encodes and decodes to allow ';' to exist in the array.
-- Alan Reddan
*/
$data[qwerty] = "blah";
$data[1][a] = "1aa";
$data[2][b] = "2bb";
$data[3][c] = ";;;;;;";
//To Serialise Call :
array_walk($data,'base64_encoder_multi');
$serialized_string = serialize($data);
//print $serialized_string . '\n'; //uncomment to see serialized array
//To Unserialize Call
$array = unserialize($serialized_string);
array_walk($array,'base64_cleaner_multi');
print_r($array);
//start functions
function base64_encoder_multi(&$val,$key) {
  if (is_array($val)) array_walk($val,'base64_encoder_multi',$new);
  else {
     $val = base64_encode($val);
  }
}
function base64_cleaner_multi(&$val,$key) {
  if (is_array($val)) array_walk($val,'base64_cleaner_multi',$new);
  else {
     $val = base64_decode($val);
  }
}
//ends
?>


egingell

<?
/*
Anatomy of a serialize()'ed value:
String
s:size:value;
Integer
i:value;
Boolean
b:value; (does not store "true" or "false", does store '1' or '0')
Null
N;
Array
a:size:{key definition;value definition;(repeated per element)}
Object
O:strlen(object name):object name:object size:{s:strlen(property name):property name:property definition;(repeated per property)}
String values are always in double quotes
Array keys are always integers or strings
"null => 'value'" equates to 's:0:"";s:5:"value";',
"true => 'value'" equates to 'i:1;s:5:"value";',
"false => 'value'" equates to 'i:0;s:5:"value";',
"array(whatever the contents) => 'value'" equates to an "illegal offset type" warning because you can't use an
array as a key; however, if you use a variable containing an array as a key, it will equate to 's:5:"Array";s:5:"value";',
and
attempting to use an object as a key will result in the same behavior as using an array will.
*/
?>


Change Language


Follow Navioo On Twitter
debug_zval_dump
doubleval
empty
floatval
get_defined_vars
get_resource_type
gettype
import_request_variables
intval
is_array
is_binary
is_bool
is_buffer
is_callable
is_double
is_float
is_int
is_integer
is_long
is_null
is_numeric
is_object
is_real
is_resource
is_scalar
is_string
is_unicode
isset
print_r
serialize
settype
strval
unserialize
unset
var_dump
var_export
eXTReMe Tracker