
Structure of a Serialized PHP string

I was wondering if anyone could point me to a resource where the details of a serialized PHP string are documented. I would basically like to know the format/structure so I can write a function in VB.NET to serialize/deserialize it back.

Thanks!

urbanspr1nter asked Jan 12 '13 21:01




2 Answers

The basic structure is as follows:

Scalar types:

  1. Booleans are serialized as:

    b:<i>; 

    where <i> is an integer with a value of either 0 (false) or 1 (true).

  2. Integers are serialized as:

    i:<i>; 

    where <i> is the integer value.

  3. Floats are serialized as (with d meaning double):

    d:<f>; 

    where <f> is the float value.

  4. Strings are serialized as:

    s:<i>:"<s>"; 

    where <i> is an integer representing the string length of <s>, and <s> is the string value.

Special types:

  1. null is simply serialized as:

    N; 

Compound types:

  1. Arrays are serialized as:

    a:<i>:{<elements>} 

    where <i> is an integer representing the number of elements in the array, and <elements> zero or more serialized key value pairs:

    <key><value> 

    where <key> represents a serialized scalar type, and <value> any value that is serializable.

  2. Objects are serialized as:

    O:<i>:"<s>":<i>:{<properties>} 

    where the first <i> is an integer representing the string length of <s>, and <s> is the fully qualified class name (class name prepended with full namespace). The second <i> is an integer representing the number of object properties. <properties> are zero or more serialized name value pairs:

    <name><value> 

    where <name> is a serialized string representing the property name, and <value> any value that is serializable.

    There's a catch with <name> though:

    <name> is represented as

    s:<i>:"<s>"; 

    where <i> is an integer representing the string length of <s>. But the value of <s> differs per visibility of properties:

    a. With public properties <s> is the simple name of the property.

    b. With protected properties, however, <s> is the simple name of the property, prepended with \0*\0 — an asterisk, enclosed in two NUL characters (i.e. chr(0)).

    c. And with private properties, <s> is the simple name of the property, prepended with \0<s>\0<s>, enclosed in two NUL characters, where <s> is the fully qualified class name.


There are a few other cases, such as R:<i>;, that represents references, that I haven't mentioned here (because I honestly haven't figured out the exact workings of it yet), but this should give you a decent idea about PHP's serializing mechanism.

Decent Dabbler answered Oct 03 '22 00:10
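
A minimal reader for the grammar in the answer above, as an added example in Python (not code from either answer). It walks the string as bytes, because the `<i>` in `s:<i>:"<s>";` counts bytes rather than characters, decodes the NUL-prefixed property names, and collects class names without creating any object. `parse`, `SAMPLE` and the `public`/`protected`/`private(...)` labels are names chosen for this example, and `R:` and any other tag the answer does not describe is rejected.

```python
SAMPLE = b'O:4:"User":2:{s:4:"name";s:2:"\xc3\xa9";s:7:"\x00*\x00role";a:1:{i:0;b:1;}}'  # constructed

def _expect(data, pos, token):
    if data[pos:pos + len(token)] != token:
        raise ValueError(f"expected {token!r} at offset {pos}")
    return pos + len(token)

def _length(data, pos):                      # "<i>:" -> (i, offset after the colon)
    end = data.index(b":", pos)
    if not data[pos:end].isdigit():
        raise ValueError(f"bad length at offset {pos}")
    return int(data[pos:end]), end + 1

def _string(data, pos):                      # <i>:"<s>", where <i> counts bytes
    n, pos = _length(data, pos)
    start = _expect(data, pos, b'"')
    return data[start:start + n].decode("utf-8", "replace"), _expect(data, start + n, b'"')

def _pairs(data, pos, classes):              # <i>:{<key><value>...}
    count, pos = _length(data, pos)
    pos, out = _expect(data, pos, b"{"), {}
    for _ in range(count):
        key, pos = parse(data, pos, classes)
        out[key], pos = parse(data, pos, classes)
    return out, _expect(data, pos, b"}")

def _name(key):                              # "\0*\0x" protected, "\0Cls\0x" private
    scope, _, name = key[1:].partition("\0") if key.startswith("\0") else ("", "", key)
    return {"": "public", "*": "protected"}.get(scope, f"private({scope})") + " " + name

def parse(data, pos, classes):               # -> (value, next offset); hypothetical name
    tag = data[pos:pos + 1]
    if tag == b"N":                          # N;
        return None, _expect(data, pos + 1, b";")
    if tag in (b"b", b"i", b"d"):            # b:<i>;  i:<i>;  d:<f>;
        end = data.index(b";", pos)
        cast = {b"b": lambda r: r == b"1", b"i": int, b"d": float}[tag]
        return cast(data[pos + 2:end]), end + 1
    if tag == b"s":                          # s:<i>:"<s>";
        text, pos = _string(data, pos + 2)
        return text, _expect(data, pos, b";")
    if tag == b"a":                          # a:<i>:{<elements>}
        return _pairs(data, pos + 2, classes)
    if tag == b"O":                          # O:<i>:"<s>":<i>:{<properties>}
        name, pos = _string(data, pos + 2)
        classes.append(name)                 # recorded only, never instantiated
        props, pos = _pairs(data, _expect(data, pos, b":"), classes)
        return {"class": name, "properties": {_name(str(k)): v for k, v in props.items()}}, pos
    raise ValueError(f"unsupported type tag {tag!r} at offset {pos}")
```

Call it as `parse(SAMPLE, 0, classes)` with an empty list for `classes`; compare the returned offset with `len(SAMPLE)` to detect trailing bytes, and check the collected class names against the ones you expect before handing the same string to anything that rebuilds objects.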


I've found this page at phpinternalsbook quite complete. It also shows the alternative serialization format for classes implementing the Serializable interface, as well as the meaning of the R format specifier.

superjos answered Oct 03 '22 01:10