This was something that surprised me when I was testing serialization tonight. Consider the following code:
<?php
// Note that the only difference between the classes
// is the scope of their only property.
class Test1 { protected $key = 'value'; }
class Test2 { private $key = 'value'; }
class Test3 { public $key = 'value'; }
$t1 = new Test1;
$t2 = new Test2;
$t3 = new Test3;
echo "<pre>";
echo "Protected Size: " . strlen(serialize($t1)) . "\n";
echo "Private Size: " . strlen(serialize($t2)) . "\n";
echo "Public Size: " . strlen(serialize($t3)) . "\n";
echo "</pre>";
?>
When I executed this code on my PHP 5.1.2/WinXPHsp1/Apache2 setup, the result was the following:
<?php
Protected Size: 41
Private Size: 46
Public Size: 38
?>
It may be useful for you to take it into consideration, just in case.
序列化对象 - 会话中的对象
注: 在 PHP 3 中,在序列化和解序列化的过程中对象会失去类的关联。结果的变量是对象类型,但是没有类和方法,因此就没什么用了(就好像一个用滑稽的语法定义的数组一样)。
| 注意 |
以下信息仅在 PHP >= 4 中有效。 |
serialize() 返回一个字符串,包含着可以储存于 PHP 的任何值的字节流表示。unserialize() 可以用此字符串来重建原始的变量值。用序列化来保存对象可以保存对象中的所有变量。对象中的函数不会被保存,只有类的名称。
要能够 unserialize() 一个对象,需要定义该对象的类。也就是,如果序列化了 page1.php 中类 A 的对象 $a,将得到一个指向类 A 的字符串并包含有所有 $a 中变量的值。如果要在 page2.php 中将其解序列化,重建类 A 的对象 $a,则 page2.php 中必须要出现类 A 的定义。例如可以这样实现,将类 A 的定义放在一个包含文件中,并在 page1.php 和 page2.php 都包含此文件。
<?php |
如果在用会话并使用了 session_register() 来注册对象,这些对象会在每个 PHP 页面结束时被自动序列化,并在接下来的每个页面中自动解序列化。基本上是说这些对象一旦成为会话的一部分,就能在任何页面中出现。
强烈建议在所有的页面中都包括这些注册的对象的类的定义,即使并不是在所有的页面中都用到了这些类。如果没有这样做,一个对象被解序列化了但却没有其类的定义,它将失去与之关联的类并成为 stdClass 的一个对象而完全没有任何可用的函数,这样就很没有用处。
因此如果在以上的例子中 $a 通过运行 session_register("a") 成为了会话的一部分,应该在所有的页面中包含 classa.inc 文件,而不只是 page1.php 和 page2.php。
add a note
User Contributed Notes
zabmilenko at hotmail dot com
10-Mar-2006 09:20
10-Mar-2006 09:20
tatwane at hotmail dot com
09-Mar-2006 03:35
09-Mar-2006 03:35
if you are using many fields in your database and want to reduce the number of requests to speed up database access, a good idea is to use objects instead of tables, to serialize them and store them into an unique field with an id and then to retrieve them and unserialize them
this could also make your database more simple when using many fields
maurits_dekkers at DONTSPAM_ME dot planet dot nl
19-Dec-2005 08:35
19-Dec-2005 08:35
If you have register_globals = on, then be very careful about naming conventions when it comes to sessions and objects.
Example:
<?php
/* Setting the session variable, which becomes "$order" if register_globals is on */
session_start()
$_SESSION["order"] = "SomeValue";
/* Instantiating an object with the same name as the session variable */
$order = new Classname;
?>
This will activate the __PHP_Incomplete_class object within your session variable! This, all references and methods to $order will not work.
Took me hours to figure this out, so I hope this is helpful.
fluw at gmx dot net
14-Aug-2005 12:06
14-Aug-2005 12:06
never serialize an object, if it contains references to itself. Just create the object in an array, or make a reference of this object in an array before calling serialize() and serialize the array instead of the object.
print_r is fine to validate a reference: The reference will be serialized in a right way, if print_r returns a *recursive* on right place (look carefully).
Just have a look on this small example:
<?
class foo {
var $bar;
function addBar() {
$this->bar = new bar(&$this);
}
}
class bar {
var $parentFoo;
function bar(&$partentBean) {
$this->parentFoo =& $partentBean;
}
}
$foo = new foo();
$foo->addBar();
$fooArray = array(&$foo);
echo "<pre>";
print_r($foo);
echo serialize($foo);
echo "</pre>";
echo "<pre>";
print_r($fooArray);
echo serialize($fooArray);
echo "</pre>";
?>
OutPut:
foo Object
(
[bar] => bar Object
(
[parentFoo] => foo Object
(
[bar] => *RECURSION*
)
)
)
O:3:"foo":1:{s:3:"bar";O:3:"bar":1:{s:9:"parentFoo";O:3:"foo":1:
{s:3:"bar";O:3:"bar":1:{s:9:"parentFoo";R:3;}}}} //sorry for linebreak
Array
(
[0] => foo Object
(
[bar] => bar Object
(
[parentFoo] => *RECURSION*
)
)
)
a:1:{i:0;O:3:"foo":1:{s:3:"bar";O:3:"bar":1:{s:9:"parentFoo";R:2;}}}
if you serialize the object, the the refernce becomes a copy an first the reference inside the copy is a real reference, (but just only to the copy, for sure :).
nate at NO-SPAMnatereed dot com
26-May-2005 12:31
26-May-2005 12:31
I can't store an instance of MySQLPagedResultSet (I grabbed this code from Kevin Yank at Sitepoint) in my session without losing all the data. This seems related to the previous post since the result set member variable is from calling mysql_query(). It doesn't get serialized properly and when I retrieve it from the session the result set is empty.
My workaround is store the query (ie. select * from mydata where id in (1,2,3...)) instead of the result set. In this particular case, it works beautifully and yields a big performance boost, since the id's are generated from several other queries that can now be avoided. With query caching on in mysql, I would not be surprised if this is just as fast or faster than retrieving the result set from the session. There are fewer potential data synchronization problems, too, since the info from mydata is fresh.
kendlj at NOSPAM dot web dot de
21-Apr-2005 08:51
21-Apr-2005 08:51
Was wondering, if References are also lost after serializing and deserializing in php5.
Wrote a testfile and my result is:
All references are restored corretly. Even if the classes where recursively referenced.
Here is the code of the file:
<?
//check refereneces
class A
{
public $a_var;
/**
* @var B
*/
public $parent;
public function __construct($parent)
{
$this->parent=$parent;
}
}
class B
{
/**
* @var A
*/
public $Ref_auf_A;
/**
* @var A
*/
public $aObj;
public $name="";
public function __construct($InhaltA)
{
$this->aObj=new A($this);
$this->aObj->a_var=$InhaltA;
$this->Ref_auf_A=$this->aObj;
}
}
$B_obj = new B("Inhalt von A");
$B_obj->name="My is <defaultName>";
echo "Object B before serializing:<pre>";
print_r($B_obj);
echo "</pre><br><br>";
$serB=serialize($B_obj);
echo "Object B serialized: ".$serB."<br><br>";
$B_obj = unserialize($serB);
echo "Object B deserializedt:<pre>";
print_r($B_obj);
echo "</pre><br><br>";
$B_obj->Ref_auf_A->a_var="Test";
echo "Object A reference content changed, should have changed everywhere:<pre>";
print_r($B_obj);
echo "</pre><br><br>";
//Change name of object where A parent references to.
$B_obj->Ref_auf_A->parent->name="My name changed";
echo $B_obj->name;
?>
fdreger at amiga dot pl
20-Mar-2005 09:43
20-Mar-2005 09:43
It seems that serializing an object dereferences all its attributes that were references - even if the object they referenced was contained within the serialized one.
Consider this example:
<?
class foo {
var $a=new array();
}
$example=new foo;
$obj=new whatever();
$example->a[]=&$obj;
$example->a[]=$obj;
//now $example contains a list with
//both: an object and a reference to that object
//let us serialize and immediately unserialize $example:
$string=serialize(example);
$example=unserialize(string);
//now the situation is completely different!
//$example contains just two identical objects,
//the reference is lost
?>
evan dot php dot net at timewarp dot org
03-Jun-2004 06:45
03-Jun-2004 06:45
A special gotcha for unserializing stored objects. If you alter the class (adding new methods), they will appear and be available when the object is unserialized. If, however, you alter the parent class that the class extends, the methods are *not* available, and any renamed ones silently vanish (the method disappears and does not reappear under the new name).
A way to get around this is to create a new dummy method in the child class and rename it each time you alter the parent class. This is very much a Bad Solution when you have to deal with a base class that is extended by dozens of other classes. Especially when you have a database full of serialized objects, each of which is a child of the base class. There appears to be no runtime fix.
Applies to PHP 4. Not sure about 5.
markg at byu dot edu
06-May-2004 07:32
06-May-2004 07:32
When working with a installation where Register Globals if off. You must remeber to use $_SESSION['objectName'] to store objects that will be used on multiple pages.
To re-use a saved object, you must define your object (i.e. include it's class file) before you call session_start(), or the object becomes unusable.
arthurp at nospam free dot fr
22-Nov-2003 05:00
22-Nov-2003 05:00
Good news when serializing a class and then reading it back into the similar or modified class.
PHP behaves very well when a class was serialized and then it is unserialized to initialize similar class or when the class was modified meanwhile.
Try this sample:
First version of the class A contains members $one and $three. An instance of this class is stored into the file.
The second version of the class A contains members $one as in prevoius but it also contains $two and and it doesn't contain $three member. The file is read back.
Resulting class is still working !
<?php
/////////////////////////////
// classa.inc:
class A
{
var $one = 1;
var $three = 3;
function show_one(){ echo $this->one."<br>";}
}
/////////////////////////////
// classa_modified.inc:
class A
{
var $two = 2;
var $one = 1;
function show_one(){ echo $this->one."<br>"; }
function show_two(){ echo $this->two."<br>"; }
}
/////////////////////////////
// teststore
include("classa.inc");
$a = new A;
$s = serialize($a);
// store $s somewhere where page2.php can find it.
$fp = fopen("savedclass.tmp", "w");
fputs($fp, $s);
fclose($fp);
$a->show_one();
var_dump($a);
/////////////////////////////
// testreadmodified.php:
include("classa_modified.inc");
$s = implode("", @file("savedclass.tmp"));
$a = unserialize($s);
// now use the function show_one() of the $a object.
$a->show_one();
$a->show_two();
var_dump($a);
?>
Resulting Output:
1
2
object(a)(3) { ["two"]=> int(2) ["one"]=> int(1) ["three"]=> int(3) } ?>
Note:
- $one member is unserialized normally
- $two member exist after unserialisation and it's well initialised with value 2
- show_two() function is working after unserialization
- $thee member exist was loaded too even if it isn't declared in modified version of the class !
okoro22 at yahoo dot com
05-Mar-2003 09:21
05-Mar-2003 09:21
I had a problem using session_register() to globally store a class that I was working with. I hope my solution will help beginners understand this concept of sessions in PHP
When you use session_register() to store any object, yes you don't need to call session_start() unless you want to. However in other pages where you want to use that object, you must call session_start() after you have included the class definition of the file. Failure to do this will unserlize your object without its functions and it will be pretty useless.
Hope it helps someone.
Cheers.
dan at binaryfrost dot net
16-Nov-2002 02:10
16-Nov-2002 02:10
Serialization is very useful for the storing of objects in databases.
The following example stores an obbect in a mySQL db:
# Seperate Class.
include 'thisObjectClass.php';
# Create instance of a class.
$object = new thisObjectClass;
# Create link to the database
$link = mysql_connect('host', 'user', 'password');
mysql_select_db('dbname', $link);
# Formulate query and submit.
$sql_query = mysql_query("INSERT INTO objecttable(object) VALUES (serialize($object)") or print (mysql_error());
# Retrieve blob object.
$sql_query = mysql_query("SELECT object FROM objecttable WHERE 1) or print (mysql_error());
$row = mysql_fetch_row($sql_query);
# This should show string / text data.
print $row[0];
# This should show 'object'.
print unserialize($row[0])."<br>";
# Close db link.
mysql_close($link);
michael at nospam dot dynamine dot net
15-Nov-2002 01:07
15-Nov-2002 01:07
Don't forget to lock your storage file using flock() before opening the file you wish to use to store your serialized object(s)! PHP will make no attempt to prevent two threads or processes from writing to your file at the same time and you can easily end up with a corrupted data store unless you serialize access to your storage. (Note that using NFS for your storage may not be lock-safe.)
evan at unixpimps dot org
25-Aug-2002 02:26
25-Aug-2002 02:26
A quick note about objects containing another object as a variable. Say you have something like this:
class A {
var $A_Var;
}
class B {
var $A
var $B_Var;
function B() {
$this->A = new A();
}
}
$B = new B();
$B->A->A_Var = "A_Var value";
---
When you try to serialize() an instance of B() $B->A->A_Var doesn't seem to keep it's value.
After much fighting with this the solution I found was to append to my __sleep and __wakeup functions and serialize $this->A in __sleep and then unserialize it in __wakeup.
class A {
var $A_Var;
}
class B {
var $A
var $A_serialized;
var $B_Var;
function B() {
$this->A = new A();
}
function __sleep() {
$this->A_serialized = serialize($this->A);
return array('A_serialized', 'B_Var');
}
function __wakeup() {
$this->A = unserialize($this->A_serialized);
}
}
felizk at hotmail dot com
09-Jul-2002 03:31
09-Jul-2002 03:31
Got around the session_auto_start problem by using:
session_write_close();
class defination
session_start();
works for me
I hate spam
08-Jul-2002 03:57
08-Jul-2002 03:57
The deserialize callback function is pretty useless if you name your classes and files using title case (ie ClassName.php), because PHP changes all classnames to lower case!!!
ndp9 at yahoo dot com
27-May-2002 08:13
27-May-2002 08:13
In case this isn't clear:
In 4.2 and below: session.auto_start and session objects are mutually exclusive.
hhuggins at fedex dot com
18-Apr-2002 04:52
18-Apr-2002 04:52
The problem with objects during session management arise because the object definition must exist before starting the session. i.e. if you have object x and you want to use it in a session, you have to perform the following.
<?
class x
{
...definition here
}
// php now knows what x is... start the session
session_start();
session_register("x_as_variable");
?>
if object x is defined in another file, make sure that the file is included or required BEFORE you start the session.
<?
require("x.inc");
session_start();
session_register("x_as_variable");
?>
This stops the INCOMPLETE_OBJECT response eliminating the need to create an array representation for an object.
ggiulb at netscape dot net
17-Mar-2002 11:00
17-Mar-2002 11:00
PHP.INI FILE AND SESSION.AUTO_START
Set
session.auto_start = 0
in php.ini file if you want that all works well during serialization/unserialization.
If session.auto_start is set to 1 all class definition is loaded after unserialization process, infact you obtain a messagge error like this "The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition className of the object you are trying to operate on was loaded _before_ the session was started in scriptFile on line n"
grant_mjtr at hotmail dot com
21-Feb-2002 05:15
21-Feb-2002 05:15
A quick note about automatic serialisation in sessions.
If you have an object
$myCart = new ShoppingCart();
and this object contains variables which are objects
function ShoppingCart()
{
$mySingleItem = new BasketItem();
}
this will work fine and you can access the contained object $mySingleItem and its methods etc ONLY WHILE YOU ARE ON THE PAGE WHERE YOU CREATED IT.
if you are using sessions and register the cart
session_register('myCart')
the ShoppingCart object is serialised and unserialised on the next page ok but the inner BasketItem object is just garbled.
The only solution I have found is to use an array in the ShoppingCart instead of an object. What a pain!
william at scriptingbiz dot com
22-Sep-2001 08:03
22-Sep-2001 08:03
When storing an object that was generated with:
$row = mysql_fetch_object($result)
there is no apearent way to define the class of that object in the next page, without querying the database, and fetching a row as an object. This needs to be done so any such objects can be restored (deserialized) from a PHP4 Session.
It needs to be done before session_start() or session_register().