php反序列化学习笔记
165 浏览 | 2024-11-01 | 分类:默认分类 | 标签:

php反序列化

PHP的类

| 修饰符 | 类的内部 | 类的子类 | 类的外部 |
| --- | --- | --- | --- |
| public | √ | √ | √ |
| protected | √ | √ | × |
| private | √ | × | × |
<?php
/**
 * Demo class declaring one property per visibility level.
 */
class person
{
    /** Readable from inside the class, from subclasses and from outside. */
    public $name = 'a';

    /** Readable from inside the class and from subclasses only. */
    protected $age = 12;

    /** Readable from inside the class only. */
    private $password = '123456';
}
// Read each property from outside the class to show which visibility levels allow it.
$qng = new person();
echo $qng->name; // ok: public properties are readable from outside the class
echo $qng->age;  // fails: protected properties are not accessible from outside the class
echo $qng->password // fails: private properties are not accessible from outside the class
?>

PHP序列化

单类型

null : N;
666  : i:666;
66.6 : d:66.6;
true : b:1;
false: b:0;
"qng": s:3:"qng";

数组

<?php
// Serialize a three-element list; the output is an a:<count>:{...} record keyed by integer index.
$qng2 = ['aaaa', 'bbbb', 'cccc'];
print serialize($qng2);
?>

结果

a(array):3(数量):{i:0(索引);s:4:"aaaa";i:1;s:4:"bbbb";i:2;s:4:"cccc";}

对象

<?php
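/**
 * Demo class showing how each visibility level appears in serialize() output.
 */
class person
{
    public $name = "a";
    // Serialized under the key "\0*\0age" (NUL bytes around the asterisk).
    protected $age = 12;
    // Serialized under the key "\0person\0password" (NUL bytes around the class name).
    private $password = "123456";

    /**
     * Print the name property.
     *
     * Properties must be read through $this; a bare $name inside a method is
     * an undefined local variable and prints nothing.
     */
    public function wsqng()
    {
        echo $this->name;
    }
}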
// Build an object, change its public property, and print its serialized form.
$qng = new person();
$qng->name = "qng"; // replaces the default "a" so the change is visible in the output
echo serialize($qng); // prints an O:<name length>:"person":<property count>:{...} record
?>

结果

O:6(类名长度):"person":3(成员数量):{s:4:"name";s:3:"qng";s:6:"*age";i:12;s:16:"personpassword";s:6:"123456";}

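private 属性序列化后的属性名前缀为 %00类名%00(例如 %00person%00password,长度为 16)
protected 属性序列化后的属性名前缀为 %00*%00(例如 %00*%00age,长度为 6)
%00 是不可见的空字节,因此上面结果中显示出来的属性名比标注的长度短。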

对象成员为对象

<?php
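/**
 * Demo class that is nested inside another object before serialization.
 */
class person
{
    public $name = "a";
    protected $age = 12;
    private $password = "123456";

    /**
     * Print the name property.
     *
     * The property is read through $this; a bare $name here would be an
     * undefined local variable, not the property.
     */
    public function wsqng()
    {
        echo $this->name;
    }
}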
/**
 * Demo wrapper whose single declared property holds another object.
 */
class xhc
{
    /** Nested person instance, assigned in the constructor. */
    public $me;

    /** Create the nested person object. */
    public function __construct()
    {
        $this->me = new person();
    }
}

// Serialize an object whose property is itself an object.
$qng = new xhc();
// xhc declares no $name, so this adds a dynamic property to the xhc object
// (deprecated since PHP 8.2); the nested person object keeps its default name "a".
$qng->name = "qng";
echo serialize($qng); // the nested person is written inline as the value of "me"
?>

结果

O:3:"xhc":2:{s:2:"me";O:6:"person":3:{s:4:"name";s:1:"a";s:6:"*age";i:12;s:16:"personpassword";s:6:"123456";}s:4:"name";s:3:"qng";}

如果对象的属性本身也是对象,那么在序列化结果中,该属性的内容就是对应对象的序列化结果。

魔术方法

__construct()

构造函数,在实例化一个对象的时候,首先会去自动执行的一个方法。

<?php
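/**
 * Demo class for the __construct() magic method.
 */
class person
{
    public $name = "a";
    protected $age = 12;
    private $password = "123456";

    /**
     * Print the age property.
     *
     * The property is read through $this; a bare $age here would be an
     * undefined local variable, not the property.
     */
    public function wsqng()
    {
        echo $this->age;
    }

    /**
     * Constructor: runs when the object is created with `new` and prints the
     * name property as it is at that moment (the default "a").
     */
    public function __construct()
    {
        echo $this->name;
    }
}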

// Show which operations run the constructor.
$qng = new person();   // triggers __construct
$qng->name = "qng";
$qngser = serialize($qng); // does not trigger __construct
$qngunser = unserialize($qngser); // does not trigger __construct: the object is rebuilt without running the constructor

?>

__destruct()

析构函数,在对象的所有引用都被删除或者对象被显式销毁时执行的魔术方法。

<?php
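/**
 * Demo class for the __destruct() magic method.
 */
class person
{
    public $name = "a";
    protected $age = 12;
    private $password = "123456";

    /**
     * Print the age property.
     *
     * The property is read through $this; a bare $age here would be an
     * undefined local variable, not the property.
     */
    public function wsqng()
    {
        echo $this->age;
    }

    /**
     * Destructor: runs when the last reference to the object goes away or the
     * script ends, and prints the current name property.
     */
    public function __destruct()
    {
        echo $this->name;
    }
}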

// Two person objects exist by the end of this script; each one runs __destruct when it is destroyed.
$qng = new person();   // no output yet: the object is still referenced, so __destruct has not run
$qng->name = "qng";
$qngser = serialize($qng); // serialize() does not run __destruct; $qng is destroyed at script end and prints "qng"
$qngunser = unserialize($qngser); // creates a second object; its __destruct also runs at script end, giving "qngqng"

?>

得到结果qngqng:脚本结束时 $qng 和 $qngunser 两个对象被销毁,各触发一次 __destruct()。

__sleep()

serialize()会检查类中是否存在__sleep()魔术方法,如果存在,调用执行。
__sleep()执行时需要返回序列化的变量名,返回哪些留下哪些。

<?php
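/**
 * Demo class for the __sleep() magic method.
 */
class person
{
    public $name = "a";
    public $age = 12;
    public $password = "123456";

    /**
     * Print the age property.
     *
     * The property is read through $this; a bare $age here would be an
     * undefined local variable, not the property.
     */
    public function wsqng()
    {
        echo $this->age;
    }

    /**
     * Called by serialize() before the object is written out.
     *
     * @return array names of the properties to keep; password is left out,
     *               so it does not appear in the serialized string
     */
    public function __sleep()
    {
        return ['name', 'age'];
    }
}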

// Serialize an object whose class defines __sleep().
$qng = new person();   
$qng->name = "qng";
$qngser = serialize($qng); // serialize() calls __sleep() and keeps only the properties it names
echo $qngser; // the password property is absent from the printed string

?>

输出没有了password。

O:6:"person":2:{s:4:"name";s:3:"qng";s:3:"age";i:12;}

__wakeup()

unserialize()会检查类中是否存在__wakeup()魔术方法,如果存在,调用执行。
与 __sleep() 不同,__wakeup() 不需要返回值;它在属性恢复之后执行,常用于重新初始化对象状态(如下例中重设 age)。

<?php
/**
 * Demo class whose __wakeup() hook overwrites a property after unserialize().
 */
class person
{
    public $name = 'a';
    public $age = 12;
    public $password = '123456';

    /**
     * Called by unserialize() on the rebuilt object; returns nothing and
     * replaces whatever age the serialized string carried.
     */
    public function __wakeup()
    {
        $this->age = 888888;
    }
}

// Round-trip an object through serialize()/unserialize() to show __wakeup() running.
$qng = new person();   
$qng->name = "qng";
$qng->age = 66;
$qngser = serialize($qng); // the serialized string carries age 66
// unserialize() restores the properties and then calls __wakeup() automatically;
// nothing in this script calls it explicitly. Because such hooks run on whatever
// string is passed in, data arriving from outside the application is better decoded
// with json_decode(), or limited with unserialize($data, ['allowed_classes' => [...]]).
$qngunser = unserialize($qngser);
var_dump($qngunser); // age is now 888888, set by __wakeup()

?>

输出age变成了888888。

object(person)#2 (3) { ["name"]=> string(3) "qng" ["age"]=> int(888888) ["password"]=> string(6) "123456" } 

__toString()

把对象当作字符串调用会触发__toString()

<?php
/**
 * Demo class for the __toString() magic method.
 */
class person
{
    public $name = 'a';
    public $age = 12;
    public $password = '123456';

    /**
     * Called whenever the object is used where a string is expected.
     *
     * @return string fixed text, independent of the properties
     */
    public function __toString()
    {
        $text = "I'm qng";

        return $text;
    }
}

// Compare dumping an object with using it as a string.
$qng = new person();   
$qng->name = "qng";
$qng->age = 66;
print_r($qng); // dumps the properties without calling __toString(): person Object ( [name] => qng [age] => 66 [password] => 123456 )
echo $qng; // string context calls __toString(): I'm qng

?>

显示

person Object ( [name] => qng [age] => 66 [password] => 123456 ) I'm qng

__invoke()

把对象当作函数调用会触发__invoke()

<?php
/**
 * Demo class for the __invoke() magic method.
 */
class person
{
    public $name = 'a';
    public $age = 12;
    public $password = '123456';

    /**
     * Called when the object itself is called like a function; prints a fixed text.
     */
    public function __invoke()
    {
        print "I'm qng";
    }
}

// Compare dumping an object with calling it like a function.
$qng = new person();   
$qng->name = "qng";
$qng->age = 66;
print_r($qng); // dumps the properties: person Object ( [name] => qng [age] => 66 [password] => 123456 )
$qng(); // calling the object like a function runs __invoke(): I'm qng

?>

__call()

在对象上调用一个不存在(或不可访问)的方法时触发,方法名和参数数组会被传入。

<?php
/**
 * Demo class for the __call() magic method.
 */
class person
{
    public $name = 'a';
    public $age = 12;
    public $password = '123456';

    /**
     * Called for instance method calls that match no accessible method.
     *
     * @param string $arg1 name of the method that was called
     * @param array  $arg2 arguments passed to that call
     */
    public function __call($arg1, $arg2)
    {
        print $arg1;
        var_dump($arg2);
    }
}

// Call a method the class does not define.
$qng = new person();   
$qng->name = "qng";
$qng->qng("callqng"); // person has no qng() method, so __call("qng", ["callqng"]) runs instead
?>

显示

qngarray(1) { [0]=> string(7) "callqng" } 

__callStatic()

以静态方式(使用 :: )调用一个不存在或不可访问的方法时触发;__callStatic() 本身必须声明为 static。

<?php
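/**
 * Demo class for the __callStatic() magic method.
 */
class person
{
    public $name = "a";
    public $age = 12;
    public $password = "123456";

    /**
     * Called for static method calls that match no accessible method.
     *
     * PHP requires this hook to be declared static; a non-static declaration
     * is a compile-time fatal error on PHP 8.
     *
     * @param string $arg1 name of the method that was called
     * @param array  $arg2 arguments passed to that call
     */
    public static function __callStatic($arg1, $arg2)
    {
        echo $arg1;
        var_dump($arg2);
    }
}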

// Make a static call to a method the class does not define.
$qng = new person();   
$qng->name = "qng";
$qng :: qng("callqng"); // static call through the instance variable; person has no qng(), so __callStatic("qng", ["callqng"]) runs
?>

显示

qngarray(1) { [0]=> string(7) "callqng" } 

__get()

调用成员属性不存在时触发,并把不存在的属性名传递进来。

<?php
/**
 * Demo class for the __get() magic method.
 */
class person
{
    public $name = 'a';
    public $age = 12;
    public $password = '123456';

    /**
     * Called when an undefined or inaccessible property is read.
     * Prints the requested name and returns nothing, so the read yields null.
     *
     * @param string $arg1 name of the property that was requested
     */
    public function __get($arg1)
    {
        print $arg1;
    }
}

// Read a property the class does not define.
$qng = new person();   
$qng->xhc; // person has no xhc property, so __get("xhc") runs
?>

显示

xhc

__set()

给不存在的成员属性赋值时触发,并把不存在的属性名和内容传递进来。

<?php
/**
 * Demo class for the __set() magic method.
 */
class person
{
    public $name = 'a';
    public $age = 12;
    public $password = '123456';

    /**
     * Called when an undefined or inaccessible property is assigned.
     * Prints the name and the value; the value is not stored anywhere.
     *
     * @param string $arg1 name of the property being assigned
     * @param mixed  $arg2 value being assigned
     */
    public function __set($arg1, $arg2)
    {
        print $arg1;
        print $arg2;
    }
}

// Assign to a property the class does not define.
$qng = new person();   
$qng->xhc = "qng"; // person has no xhc property, so __set("xhc", "qng") runs
?>

显示

xhcqng

__isset()

给不存在或不可访问的成员属性使用isset()。

<?php
/**
 * Demo class for the __isset() magic method.
 */
class person
{
    public $name = 'a';
    public $age = 12;
    private $password = '123456';

    /**
     * Called when isset() is applied to an undefined or inaccessible property.
     * Prints the property name and returns nothing.
     *
     * @param string $arg1 name of the property being tested
     */
    public function __isset($arg1)
    {
        print $arg1;
    }
}

// Apply isset() to an undefined property and to a private one.
$qng = new person();   
isset($qng->xhc); // undefined property: __isset("xhc") runs
isset($qng->password); // private property, inaccessible from here: __isset("password") runs
?>

显示

xhcpassword

__clone()

对对象使用clone,新对象会触发一个__clone()。

<?php
/**
 * Demo class for the __clone() magic method.
 */
class person
{
    public $name = 'a';
    public $age = 12;
    private $password = '123456';

    /**
     * Called on the new copy when the object is cloned; prints the copy's
     * private password property.
     */
    public function __clone()
    {
        print $this->password;
    }
}

// Clone an object whose class defines __clone().
$qng = new person();   
$qng2 = clone($qng); // __clone() runs on the new copy and prints its password
?>

显示

123456
