PHP and MySQL Web Development 4th Ed-tqw-_darksiderg

Serializing Variables and Objects
527
Serialization has decreased in usefulness since the introduction of session control.
Serializing data is principally used for the types of things you would now use session
control for. In fact, the session control functions serialize session variables to store them
between HTTP requests.
However, you might still want to store a PHP array or object in a file or database.
If you do, you need to know how to use these two functions: serialize() and
unserialize().
You can call the serialize() function as follows:
$serial_object = serialize($my_object);
If you want to know what the serialization actually does, look at what is returned from
serialize().This line turns the contents of an object or array into a string.
For example, you can look at the output of running serialize() on a simple
employee object, defined and instantiated thus:
class employee
{
var $name;
var $employee_id;
}
$this_emp = new employee;
$this_emp->name = ‘Fred’;
$this_emp->employee_id = 5324;
If you serialize this and echo it to the browser, the output is
O:8:”employee”:2:{s:4:”name”;s:4:”Fred”;s:11:”employee_id”;i:5324;}
You can easily see the relationship between the original object data here and the serialized
data.
Because the serialized data is just text, you can write it to a database or whatever you
like. Be aware that you should use mysql_real_escape_string() on any text data
before writing it to a database to escape any special characters.You can see the need for
this by noting the quotation marks in the previous serialized string.
To get the object back, call unserialize():
$new_object = unserialize($serial_object);
Another point to note when serializing classes or using them as session variables:
PHP needs to know the structure of a class before it can reinstantiate the class.
Therefore, you need to include the class definition file before calling session_start()
or unserialize().