PHP 反序列化因非编码字符而失败?
$ser = 'a:2:{i:0;s:5:"héllö";i:1;s:5:"wörld";}'; // fails
$ser2 = 'a:2:{i:0;s:5:"hello";i:1;s:5:"world";}'; // works
$out = unserialize($ser);
$out2 = unserialize($ser2);
print_r($out);
print_r($out2);
echo "<hr>";
但为什么呢?
我应该在序列化之前编码吗?如何?
我正在使用 Javascript 将序列化字符串写入隐藏字段,而不是 PHP 的 $_POST
在 JS 中我有类似的东西:
function writeImgData() {
var caption_arr = new Array();
$('.album img').each(function(index) {
caption_arr.push($(this).attr('alt'));
});
$("#hidden-field").attr("value", serializeArray(caption_arr));
};
$ser = 'a:2:{i:0;s:5:"héllö";i:1;s:5:"wörld";}'; // fails
$ser2 = 'a:2:{i:0;s:5:"hello";i:1;s:5:"world";}'; // works
$out = unserialize($ser);
$out2 = unserialize($ser2);
print_r($out);
print_r($out2);
echo "<hr>";
But why?
Should I encode before serialzing than? How?
I am using Javascript to write the serialized string to a hidden field, than PHP's $_POST
In JS I have something like:
function writeImgData() {
var caption_arr = new Array();
$('.album img').each(function(index) {
caption_arr.push($(this).attr('alt'));
});
$("#hidden-field").attr("value", serializeArray(caption_arr));
};
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(14)
unserialize()
失败的原因是:是因为
héllö
和wörld
的长度错误,因为 PHP 无法正确处理多序列化本地字节字符串:但是,如果您尝试
unserialize()
以下正确的字符串:它有效:
如果您使用 PHP
serialize()
它应该正确计算多字节的长度字节字符串索引。另一方面,如果您想使用多种(编程)语言处理序列化数据,您应该忘记它并转向 JSON 等更加标准化的语言。
The reason why
unserialize()
fails with:Is because the length for
héllö
andwörld
are wrong, since PHP doesn't correctly handle multi-byte strings natively:However if you try to
unserialize()
the following correct string:It works:
If you use PHP
serialize()
it should correctly compute the lengths of multi-byte string indexes.On the other hand, if you want to work with serialized data in multiple (programming) languages you should forget it and move to something like JSON, which is way more standardized.
我知道这是一年前发布的,但我只是遇到这个问题并遇到这个问题,事实上我找到了解决方案。这段代码很有魅力!
背后的想法很简单。它只是通过重新计算上面 @Alix 发布的多字节字符串的长度来帮助您。
一些修改应该适合您的代码:
来源:http://snippets.dzone.com/posts/show /6592
在我的机器上测试过,效果非常好!
I know this was posted like one year ago, but I just have this issue and come across this, and in fact I found a solution for it. This piece of code works like charm!
The idea behind is easy. It's just helping you by recalculating the length of the multibyte strings as posted by @Alix above.
A few modifications should suits your code:
Source: http://snippets.dzone.com/posts/show/6592
Tested on my machine, and it works like charm!!
Lionel Chan 答案已修改,可与 PHP >= 5.5 配合使用:
此代码使用 preg_replace_callback因为带有 /e 修饰符的 preg_replace 已过时,因为PHP 5.5。
Lionel Chan answer modified to work with PHP >= 5.5 :
This code uses preg_replace_callback as preg_replace with the /e modifier is obsolete since PHP 5.5.
正如 Alix 所指出的,这个问题与编码有关。
在 PHP 5.4 之前,PHP 的内部编码是 ISO-8859-1,这种编码对某些在 unicode 中是多字节的字符使用单字节。结果是在 UTF-8 系统上序列化的多字节值在 ISO-8859-1 系统上将无法读取。
为了避免此类问题,请确保所有系统都使用相同的编码:
您可以使用
utf8_(encode|decode)
进行清理:The issue is - as pointed out by Alix - related to encoding.
Until PHP 5.4 the internal encoding for PHP was ISO-8859-1, this encoding uses a single byte for some characters that in unicode are multibyte. The result is that multibyte values serialized on UTF-8 system will not be readable on ISO-8859-1 systems.
The avoid problems like this make sure all systems use the same encoding:
You can use
utf8_(encode|decode)
to cleanup:在回复上面的@Lionel时,实际上,如果序列化字符串本身包含字符序列
";
(引号后跟分号),那么您建议的函数 mb_unserialize() 将不起作用。谨慎使用。例如:
JSON 是要走的路,正如其他人提到的,恕我
直言,注意:我将其作为新答案发布,因为我不知道如何直接回复(这里是新的)。
In reply to @Lionel above, in fact the function mb_unserialize() as you proposed won't work if the serialized string itself contains char sequence
";
(quote followed by semicolon).Use with caution. For example:
JSON is the ways to go, as mentioned by others, IMHO
Note: I post this as new answer as I don't know how to reply directly (new here).
当另一端不是 PHP 时,不要使用 PHP 序列化/反序列化。它并不意味着是一种可移植的格式 - 例如,它甚至包含受保护密钥的 ascii-1 字符,这不是您想要在 javascript 中处理的内容(即使它可以完美地工作,但它非常难看)。
相反,请使用可移植格式,例如 JSON。 XML 也可以完成这项工作,但 JSON 的开销更少,并且对程序员更友好,因为您可以轻松地将其解析为简单的数据结构,而不必处理 XPath、DOM 树等。
Do not use PHP serialization/unserialization when the other end is not PHP. It is not meant to be a portable format - for example, it even includes ascii-1 characters for protected keys which is nothing you want to deal with in javascript (even though it would work perfectly fine, it's just extremely ugly).
Instead, use a portable format like JSON. XML would do the job, too, but JSON has less overhead and is more programmer-friendly as you can easily parse it into a simple data structure instead of having to deal with XPath, DOM trees etc.
这个解决方案对我有用:
This solution worked for me:
这里还有一个细微的变化,希望对某人有所帮助......我正在序列化一个数组,然后将其写入数据库。检索数据时,反序列化操作失败。
事实证明,我正在写入的数据库长文本字段使用的是 latin1 而不是 UTF8。当我改变它时,一切都按计划进行。
感谢上面提到的字符编码并让我走上了正轨!
One more slight variation here which will hopefully help someone ... I was serializing an array then writing it to a database. On retrieving the data the unserialize operation was failing.
It turns out that the database longtext field I was writing into was using latin1 not UTF8. When I switched it round everything worked as planned.
Thanks to all above who mentioned character encoding and got me on the right track!
我建议您使用javascript编码为json,然后使用 json_decode 进行反序列化。
I would advise you to use javascript to encode as json and then use json_decode to unserialize.
我们可以将字符串分解为数组:
we can break the string down to an array:
序列化:
反序列化:
Serialize:
Unserialize:
这个对我有用。
this one worked for me.
就我而言,问题出在行结尾(可能某些编辑器已将我的文件从 DOS 更改为 Unix)。
我将这些自适应包装放在一起:
In my case the problem was with line endings (likely some editor have changed my file from DOS to Unix).
I put together these apadtive wrappers: