{"id":635,"date":"2025-12-08T19:53:37","date_gmt":"2025-12-08T11:53:37","guid":{"rendered":"https:\/\/www.52runoob.com\/?p=635"},"modified":"2025-12-08T19:53:37","modified_gmt":"2025-12-08T11:53:37","slug":"php-serialize%e8%bf%9b%e8%a1%8c%e5%ba%8f%e5%88%97%e5%8c%96%e5%b7%a5%e4%bd%9c%e7%9a%84%e5%ae%8c%e5%85%a8%e6%8c%87%e5%8d%97","status":"publish","type":"post","link":"https:\/\/www.52runoob.com\/index.php\/2025\/12\/08\/php-serialize%e8%bf%9b%e8%a1%8c%e5%ba%8f%e5%88%97%e5%8c%96%e5%b7%a5%e4%bd%9c%e7%9a%84%e5%ae%8c%e5%85%a8%e6%8c%87%e5%8d%97\/","title":{"rendered":"PHP\u00a0serialize\u8fdb\u884c\u5e8f\u5217\u5316\u5de5\u4f5c\u7684\u5b8c\u5168\u6307\u5357"},"content":{"rendered":"\n<p>\u4e0b\u9762\u7ed9\u4f60\u4e00\u4efd&nbsp;<strong>\u300aPHP serialize \u5e8f\u5217\u5316\u5de5\u4f5c\u7684\u5b8c\u5168\u6307\u5357\u300b<\/strong>&nbsp;\u2014\u2014\u4ece\u57fa\u7840\u5230\u9ad8\u7ea7\u3001\u517c\u5bb9\u6027\u3001\u5b89\u5168\u6027\u3001\u8c03\u8bd5\u3001\u6027\u80fd\u3001\u6700\u4f73\u5b9e\u8df5\u5168\u8986\u76d6\uff0c\u9002\u5408\u505a\u9879\u76ee\u3001\u5199\u63a5\u53e3\u3001\u8c03 API \u7684\u73af\u5883\u3002<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">#\ufe0f\u20e3 \u4e00\u3001\u4ec0\u4e48\u662f serialize\uff1f<\/h1>\n\n\n\n<p><code>serialize()<\/code>&nbsp;\u662f PHP \u5185\u7f6e\u51fd\u6570\uff0c\u7528\u4e8e\u628a&nbsp;<strong>\u53d8\u91cf\uff08\u6570\u7ec4\u3001\u5bf9\u8c61\u7b49\uff09\u8f6c\u6362\u6210\u4e00\u4e2a\u53ef\u5b58\u50a8\u3001\u53ef\u4f20\u8f93\u7684\u5b57\u7b26\u4e32<\/strong>\u3002<br>\u5e38\u7528\u4e8e\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u5199\u5165\u6570\u636e\u5e93<\/li>\n\n\n\n<li>\u5199\u5165\u6587\u4ef6<\/li>\n\n\n\n<li>Redis \u7f13\u5b58<\/li>\n\n\n\n<li>Cookie \/ Session \u5b58\u50a8<\/li>\n\n\n\n<li>RPC\/\u8fdc\u7a0b\u8bf7\u6c42<\/li>\n\n\n\n<li>\u961f\u5217\u7cfb\u7edf<\/li>\n<\/ul>\n\n\n\n<p>\ud83d\udc49 \u53cd\u5e8f\u5217\u5316\u7528&nbsp;<code>unserialize()<\/code>\u3002<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">#\ufe0f\u20e3 \u4e8c\u3001serialize() \u7684\u8bed\u6cd5\u4e0e\u793a\u4f8b<\/h1>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\n$serialized = serialize($data);\n$original = unserialize($serialized);\n\n<\/pre><\/div>\n\n\n<h3 class=\"wp-block-heading\">\u793a\u4f8b\uff1a<\/h3>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\n$array = &#x5B;&quot;name&quot; =&gt; &quot;Jack&quot;, &quot;age&quot; =&gt; 20];\necho serialize($array);\n\n<\/pre><\/div>\n\n\n<p>\u8f93\u51fa\uff1a<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\na:2:{s:4:&quot;name&quot;;s:4:&quot;Jack&quot;;s:3:&quot;age&quot;;i:20;}\n\n<\/pre><\/div>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">#\ufe0f\u20e3 \u4e09\u3001PHP \u5e8f\u5217\u5316\u5b57\u7b26\u4e32\u683c\u5f0f\u89c4\u5219\uff08\u975e\u5e38\u91cd\u8981\uff09<\/h1>\n\n\n\n<p>PHP serialize \u8f93\u51fa\u7684\u5b57\u7b26\u4e32\u9075\u5faa\u56fa\u5b9a\u683c\u5f0f\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>\u7c7b\u578b<\/th><th>\u6807\u8bb0<\/th><th>\u793a\u4f8b<\/th><\/tr><\/thead><tbody><tr><td>\u6574\u578b (integer)<\/td><td><code>i:<\/code><\/td><td><code>i:123;<\/code><\/td><\/tr><tr><td>\u6d6e\u70b9\u6570 (double)<\/td><td><code>d:<\/code><\/td><td><code>d:3.14;<\/code><\/td><\/tr><tr><td>\u5b57\u7b26\u4e32 (string)<\/td><td><code>s:length:\"xxxxx\";<\/code><\/td><td><code>s:5:\"hello\";<\/code><\/td><\/tr><tr><td>\u5e03\u5c14 (boolean)<\/td><td><code>b:<\/code><\/td><td><code>b:1;<\/code><\/td><\/tr><tr><td>NULL<\/td><td><code>N;<\/code><\/td><td><code>N;<\/code><\/td><\/tr><tr><td>\u6570\u7ec4<\/td><td><code>a:length:{...}<\/code><\/td><td><code>a:2:{...}<\/code><\/td><\/tr><tr><td>\u5bf9\u8c61<\/td><td><code>O:length:\"Class\":props:{...}<\/code><\/td><td><code>O:4:\"User\":2:{...}<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">#\ufe0f\u20e3 \u56db\u3001\u5e8f\u5217\u5316\u6570\u7ec4\u793a\u4f8b\uff08\u6700\u5e38\u7528\uff09<\/h1>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\n$data = &#x5B;\n    &quot;title&quot; =&gt; &quot;hello&quot;,\n    &quot;count&quot; =&gt; 100,\n];\n\necho serialize($data);\n\n<\/pre><\/div>\n\n\n<p>\u8f93\u51fa\uff1a<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\na:2:{s:5:&quot;title&quot;;s:5:&quot;hello&quot;;s:5:&quot;count&quot;;i:100;}\n\n<\/pre><\/div>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">#\ufe0f\u20e3 \u4e94\u3001\u5e8f\u5217\u5316\u5bf9\u8c61\uff08O:&#8230;\uff09\u793a\u4f8b<\/h1>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nclass User {\n    public $name = &quot;Tom&quot;;\n    public $age = 30;\n}\n$obj = new User();\n\necho serialize($obj);\n\n<\/pre><\/div>\n\n\n<p>\u8f93\u51fa\u683c\u5f0f\uff1a<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nO:4:&quot;User&quot;:2:{s:4:&quot;name&quot;;s:3:&quot;Tom&quot;;s:3:&quot;age&quot;;i:30;}\n\n<\/pre><\/div>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">#\ufe0f\u20e3 \u516d\u3001\u5bf9\u8c61\u53cd\u5e8f\u5217\u5316\u65f6\u5e38\u89c1\u95ee\u9898\uff08\u53cd\u5e8f\u5217\u5316\u5931\u8d25\uff09<\/h1>\n\n\n\n<h3 class=\"wp-block-heading\">1. \u7c7b\u4e0d\u5b58\u5728\uff08\u62a5 Notice\uff09<\/h3>\n\n\n\n<p>\u5982\u679c unserialize \u65f6 PHP \u627e\u4e0d\u5230\u7c7b\uff0c\u4f1a\u5bfc\u81f4\u5c5e\u6027\u4e22\u5931\uff1a<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nunserialize(&#039;O:4:&quot;User&quot;:1:{s:4:&quot;name&quot;;s:3:&quot;Tom&quot;;}&#039;);\n\n<\/pre><\/div>\n\n\n<p>\u89e3\u51b3\uff1a<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nrequire &quot;User.php&quot;;\n\n<\/pre><\/div>\n\n\n<p>\u6216\u4f7f\u7528\uff1a<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nunserialize($data, &#x5B;&quot;allowed_classes&quot; =&gt; true]);\n\n<\/pre><\/div>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">#\ufe0f\u20e3 \u4e03\u3001serialize \u4e0e JSON \u7684\u533a\u522b\uff08\u5e38\u88ab\u95ee\uff09<\/h1>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>\u7279\u70b9<\/th><th>serialize<\/th><th>json<\/th><\/tr><\/thead><tbody><tr><td>\u652f\u6301\u5bf9\u8c61<\/td><td>\u2714 \u662f<\/td><td>\u274c \u5426\uff08\u53ea\u80fd\u6570\u7ec4\/\u6807\u91cf\uff09<\/td><\/tr><tr><td>\u53ef\u9006\u6027<\/td><td>\u2714 \u5f3a<\/td><td>\u2714 \u5f3a<\/td><\/tr><tr><td>\u8de8\u8bed\u8a00\u517c\u5bb9\u6027<\/td><td>\u274c \u5dee<\/td><td>\u2714 \u6781\u597d<\/td><\/tr><tr><td>\u53ef\u8bfb\u6027<\/td><td>\u274c \u4e0d\u53ef\u8bfb<\/td><td>\u2714 \u53ef\u8bfb<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>\ud83d\udc49&nbsp;<strong>\u8de8\u5e73\u53f0\u63a8\u8350 JSON\uff0c\u5b58\u50a8\u590d\u6742\u5bf9\u8c61\u63a8\u8350 serialize<\/strong><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">#\ufe0f\u20e3 \u516b\u3001serialize \u5b89\u5168\u95ee\u9898\uff08\u5fc5\u987b\u6ce8\u610f\uff09<\/h1>\n\n\n\n<p><code>unserialize()<\/code>&nbsp;<strong>\u5386\u53f2\u4e0a\u7206\u51fa\u8fc7\u5927\u91cf\u5b89\u5168\u6f0f\u6d1e<\/strong>\u3002<\/p>\n\n\n\n<p>\u5371\u9669\u70b9\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>\u53cd\u5e8f\u5217\u5316\u4efb\u610f\u5bf9\u8c61 \u2192 \u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08POP &amp; RCE\uff09<\/strong><\/li>\n\n\n\n<li><strong>\u653b\u51fb\u8005\u53ef\u4ee5\u6784\u9020\u4f2a\u9020\u7684\u5e8f\u5217\u5316\u5b57\u7b26\u4e32\u89e6\u53d1\u7c7b\u7684 __wakeup() \u6216 __destruct()<\/strong><\/li>\n<\/ol>\n\n\n\n<p>\u5b89\u5168\u4f7f\u7528\u65b9\u5f0f\uff1a<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nunserialize($data, &#x5B;&quot;allowed_classes&quot; =&gt; false]);\n\n<\/pre><\/div>\n\n\n<p>\u6216\u6307\u5b9a\u767d\u540d\u5355\uff1a<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nunserialize($data, &#x5B;&quot;allowed_classes&quot; =&gt; &#x5B;&quot;User&quot;]]);\n\n<\/pre><\/div>\n\n\n<p>\u26a0\ufe0f \u7edd\u5bf9\u4e0d\u8981\u53cd\u5e8f\u5217\u5316\u7528\u6237\u63d0\u4ea4\u7684\u6570\u636e\u3002<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">#\ufe0f\u20e3 \u4e5d\u3001\u5e8f\u5217\u5316\u5b57\u7b26\u4e32\u957f\u5ea6\u9519\u8bef\u7684\u5e38\u89c1\u539f\u56e0<\/h1>\n\n\n\n<p>PHP \u5bf9\u5b57\u7b26\u4e32\u4f7f\u7528\uff1a<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\ns:length:&quot;value&quot;;\n\n<\/pre><\/div>\n\n\n<p>\u5982\u679c length \u4e0e\u5b9e\u9645\u5185\u5bb9\u4e0d\u4e00\u81f4\uff0c\u4f1a\u62a5\u9519\u6216\u622a\u65ad\uff1a<\/p>\n\n\n\n<p>\u4f8b\u5982\uff08\u9519\u8bef\uff09\uff1a<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\ns:4:&quot;hello&quot;;\n\n<\/pre><\/div>\n\n\n<p>\u5b9e\u9645 hello \u957f\u5ea6\u662f 5\uff0c\u4f1a\u89e3\u6790\u5931\u8d25\u3002<\/p>\n\n\n\n<p>\u5e38\u89c1\u539f\u56e0\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u624b\u52a8\u4fee\u6539\u6570\u636e<\/li>\n\n\n\n<li>\u6570\u636e\u5e93\u5b57\u6bb5\u7f16\u7801\u4e0d\u4e00\u81f4\uff08\u5982 utf8mb4\uff09<\/li>\n\n\n\n<li>\u6570\u636e\u88ab\u8f6c\u4e49\uff08addslashes\uff09<\/li>\n<\/ul>\n\n\n\n<p>\u89e3\u51b3\u65b9\u6cd5\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u4f7f\u7528 BLOB\uff0c\u800c\u4e0d\u662f TEXT<\/li>\n\n\n\n<li>\u7981\u6b62\u4fee\u6539\u5e8f\u5217\u5316\u5b57\u7b26\u4e32<\/li>\n\n\n\n<li>\u4fdd\u8bc1\u65e0\u8f6c\u4e49<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">#\ufe0f\u20e3 \u5341\u3001serialize \u7684\u66ff\u4ee3\u65b9\u6848<\/h1>\n\n\n\n<p>\u907f\u514d\u5b89\u5168\u95ee\u9898\u548c\u517c\u5bb9\u6027\u95ee\u9898\uff0c\u63a8\u8350\uff1a<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u2714 JSON\uff1a\u8f7b\u91cf\u3001\u8de8\u8bed\u8a00\u3001\u6700\u5e38\u7528<\/h3>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\njson_encode($data)\n\n<\/pre><\/div>\n\n\n<h3 class=\"wp-block-heading\">\u2714 igbinary\uff08\u6269\u5c55\uff09\uff1a\u66f4\u5feb\u66f4\u5c0f<\/h3>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nigbinary_serialize($data);\n\n<\/pre><\/div>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">#\ufe0f\u20e3 \u5341\u4e00\u3001serialize \u8c03\u8bd5\u6280\u5de7<\/h1>\n\n\n\n<h3 class=\"wp-block-heading\">\u67e5\u770b\u5e8f\u5217\u5316\u5185\u5bb9\u7f8e\u5316\u540e\u7684\u7ed3\u6784\uff1a<\/h3>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\n$data = unserialize($str);\nvar_dump($data);\n\n<\/pre><\/div>\n\n\n<p>\u4e5f\u53ef\u7528\u5728\u7ebf\u5de5\u5177\uff08\u66f4\u76f4\u89c2\uff09\uff1a<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nPHP serialize viewer\n\n<\/pre><\/div>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">#\ufe0f\u20e3 \u5341\u4e8c\u3001serialize \u6700\u4f73\u5b9e\u8df5\uff08\u603b\u7ed3\uff09<\/h1>\n\n\n\n<p>\u2714 \u7528 serialize \u5b58<strong>\u4ec5\u9650 PHP \u5185\u90e8\u4f7f\u7528\u7684\u6570\u636e<\/strong>\uff08session\u3001cache\u3001\u961f\u5217\uff09<br>\u2714 \u5b58\u6570\u636e\u5e93\u7528&nbsp;<strong>BLOB<\/strong><br>\u2714 \u7edd\u4e0d\u53cd\u5e8f\u5217\u5316\u7528\u6237\u8f93\u5165<br>\u2714 \u5bf9\u8c61\u53cd\u5e8f\u5217\u5316\u65f6\u5fc5\u987b\u52a0\u8f7d\u7c7b<br>\u2714 \u8de8\u5e73\u53f0\u6570\u636e\u7528 JSON<br>\u2714 \u9700\u8981\u538b\u7f29\u53ef\u7528 gzcompress + serialize<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u4e0b\u9762\u7ed9\u4f60\u4e00\u4efd&nbsp;\u300aPHP serialize \u5e8f\u5217\u5316\u5de5\u4f5c\u7684\u5b8c\u5168\u6307\u5357\u300b&#038;n&#8230; <a class=\"more-link\" href=\"https:\/\/www.52runoob.com\/index.php\/2025\/12\/08\/php-serialize%e8%bf%9b%e8%a1%8c%e5%ba%8f%e5%88%97%e5%8c%96%e5%b7%a5%e4%bd%9c%e7%9a%84%e5%ae%8c%e5%85%a8%e6%8c%87%e5%8d%97\/\">Continue Reading &rarr;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[51],"tags":[],"class_list":["post-635","post","type-post","status-publish","format-standard","hentry","category-php-"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.52runoob.com\/index.php\/wp-json\/wp\/v2\/posts\/635","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.52runoob.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.52runoob.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.52runoob.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.52runoob.com\/index.php\/wp-json\/wp\/v2\/comments?post=635"}],"version-history":[{"count":1,"href":"https:\/\/www.52runoob.com\/index.php\/wp-json\/wp\/v2\/posts\/635\/revisions"}],"predecessor-version":[{"id":636,"href":"https:\/\/www.52runoob.com\/index.php\/wp-json\/wp\/v2\/posts\/635\/revisions\/636"}],"wp:attachment":[{"href":"https:\/\/www.52runoob.com\/index.php\/wp-json\/wp\/v2\/media?parent=635"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.52runoob.com\/index.php\/wp-json\/wp\/v2\/categories?post=635"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.52runoob.com\/index.php\/wp-json\/wp\/v2\/tags?post=635"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}