对于单个人修改的小型网站的数据存储来说,PHP 序列化是一个不错的选择吗?
我正在规划一个 PHP 网站架构。这将是一个小型网站,访问者很少,数据也很少。 数据仅由单个用户(管理员)修改。
为了让事情变得更简单,我不想使用真正的数据库或 XML 数据。我考虑通过 PHP 序列化将所有数据存储到多个文件中。例如,如果有多个类别,我将存储一个包含每个类别的 Category 类实例的数组。
在这些情况下使用 PHP 序列化是否存在任何陷阱?
I'm planning a PHP website architecture. It will be a small website with few visitors and small set of data. The data is modified exclusively by a single user (administrator).
To make things easier, I don't want to bother with a real database or XML data. I think about storing all data through PHP serialization into several files. So for example if there are several categories, I will store an array containing Category class instances for each category.
Are there any pitfalls using PHP serialization in those circumstances?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
使用数据库——这并不困难,任何额外的时间都会通过数据库的使用而得到很好的学习。
我看到的陷阱正如 Yehonatan 提到的:
1.维护和添加功能。
2.没有简单的方法来查询或查看数据。
3. 非常不安全——看看“hackthissite.org”。许多开始的例子都与黑客攻击有关,其中有人将数据硬编码到文件中。
4. 序列化适用于一个数组,即一张表。如果您必须做一些事情,例如让父类别必须与其他数据匹配,那么效果不会很好。
Use databases -- it is not that difficult and any extra time spent will be well learnt with database use.
The pitfalls I see are as Yehonatan mentioned:
1. Maintenance and adding functionality.
2. No easy way to query or look at data.
3. Very insecure -- take a look at "hackthissite.org". A lot of the beginning examples have to do with hacking where someone put the data hard coded in files.
4. Serialization will work for one array, meaning one table. If you have to do anything like have parent categories that have to match up to other data, not going to work so well.
维护和添加功能时会出现陷阱。
这是一种非常好的学习方式,但在课程结束后您会更加欣赏数据库。
The pitfalls come when with maintenance and adding functionality.
it is a very good way to learn but you will appreciate databases more after the lessons.
我尝试实现 PHP 序列化来存储网站数据。对于那些想做同样事情的人,这里是几个月前开始的项目的反馈,此后进行了大量修改:
优点:
加载和保存数据非常容易。我不必编写 SQL 查询、优化它们等。代码更短(使用参数化 SQL 查询,它可能会增长很多)。
部署不需要额外的工作。 我们不关心网络服务器支持什么:如果只有 PHP,没有其他扩展、数据库服务器等,网站仍然可以运行。 Sqlite 是个好东西,但是在某些服务器上无法安装,而且还需要 PHP 扩展。
缺点:
就像 Kerry 在他的回答中所说,“没有简单的方法来查询或查看数据”。这意味着任何商业智能/统计案例都是不可能的或者需要大量的工作。顺便说一句,一些基本场景变得极其复杂。假设我们存储产品,并且我们想知道有多少产品。在我的例子中,它需要为此创建一个 PHP 文件,加载所有数据,然后计算项目数量,有时需要手动添加内容,而不是仅仅编写
select count(1) from Products。 /p>实现数据迁移需要进行一些更改,这很痛苦,并且需要比执行 SQL 查询更多的工作。
总之,我建议使用 PHP 序列化来存储由一个人修改的小型网站的数据仅当以下所有条件都为真:
部署上下文未知,并且有可能有一个仅支持基本 PHP 且没有扩展的服务器,
没人关心关于商业智能或信息的类似用途,
不会对数据结构产生重大影响的需求变化。
I tried to implement PHP serialization to store website data. For those who want to do the same thing, here's a feedback from the project started a few months ago and heavily modified since:
Pros:
It was very easy to load and save data. I don't have to write SQL queries, optimize them, etc. The code is shorter (with parametrized SQL queries, it may grow a lot).
The deployment does not require additional effort. We don't care about what is supported on the web server: if there is just PHP with no additional extensions, database servers, etc., the website will still work. Sqlite is a good thing, but it is not possible to install it on some servers, and it also requires a PHP extension.
We don't have to care about updating a database server, nor about the database server to use (thus avoiding the scenario where the customer wants to migrate from Microsoft SQL Server to Oracle, etc.).
We can add more properties to the objects without having to break everything (just like we can add other columns to the database).
Cons:
Like Kerry said in his answer, there is "no easy way to query or look at data". It means that any business intelligence/statistics cases are impossible or require a huge amount of work. By the way, some basic scenarios become extremely complicated. Let's say we store products and we want to know how much products there are. Instead of just writing
select count(1) from Products, in my case it requires to create a PHP file just for that, load all data then count the number of items, sometimes by adding stuff manually.Some changes required to implement data migration, which was painful and required more work than just executing an SQL query.
To conclude, I would recommend using PHP serialization for storing data of a small website modified by a single person only if all the following conditions are true:
The deployment context is unknown and there are chances to have a server which supports only basic PHP with no extensions,
Nobody cares about business intelligence or similar usages of the information,
There will be no changes to the requirements with large impact on the data structure.
如果您不想设置完整的数据库服务器,我会说使用像 sqlite 这样的小型数据库。不过,我还要说,序列化数组并将其存储在文本文件中的速度非常快。我必须序列化一个包含几千条记录的数组(来自数据库的转储),并在我们的数据库服务器重建几天时将其用作临时数据库。
I would say use a small database like sqlite if you don't want to go through setting up a full db server. However I will also say that serializing an array and storing that in a text file is pretty dang fast. I've had to serialize an array with a few thousand records (a dump from a database) and used that as a temp database when our DB server was being rebuilt for a few days.