Passing a PHP object to another page via AJAX post
Can anyone help with this? I think I'm missing something basic and obvious!
I pass object $session from index.php to results.php like so..
index.php
<?php
include 'classes/user.php';
$session = new User();
//some object work
$sessionObjectStr = serialize($session);
?>
<script>
var sessionObj = <?php if(isset($session)){echo json_encode($sessionObjectStr);}else{echo json_encode("");}; ?>;
$.post( 'results.php', {'object':sessionObj}, function(data){.....
</script>
results.php
<?php
include 'classes/user.php';
if(isset($_POST['object'])){ $session = unserialize(($_POST['object']));}
$session->getName();
The getName method returns nothing. It should return the name like it did on the index.php page.
var_dump from index.php for serialized $session
string(690) "O:4:"User":7:{s:9:"*userId";s:2:"27";s:7:"*name";s:5:"Admin";s:8:"*email";s:13:"admin@nrt.com";s:9:"*rights";s:5:"Super";s:9:"*cookie";N;s:12:"*lastLogin";s:10:"1475435341";s:5:"*db";O:8:"Database":4:{s:7:"*link";O:6:"mysqli":19:{s:13:"affected_rows";N;s:11:"client_info";N;s:14:"client_version";N;s:13:"connect_errno";N;s:13:"connect_error";N;s:5:"errno";N;s:5:"error";N;s:10:"error_list";N;s:11:"field_count";N;s:9:"host_info";N;s:4:"info";N;s:9:"insert_id";N;s:11:"server_info";N;s:14:"server_version";N;s:4:"stat";N;s:8:"sqlstate";N;s:16:"protocol_version";N;s:9:"thread_id";N;s:13:"warning_count";N;}s:10:"*numRows";i:1;s:13:"*affectRows";i:1;s:9:"*result";b:1;}}"
var_dump from results.php for $_POST['object'] - (serialized)
string(690) "O:4:"User":7:{s:9:"*userId";s:2:"27";s:7:"*name";s:5:"Admin";s:8:"*email";s:13:"admin@nrt.com";s:9:"*rights";s:5:"Super";s:9:"*cookie";N;s:12:"*lastLogin";s:10:"1475435341";s:5:"*db";O:8:"Database":4:{s:7:"*link";O:6:"mysqli":19:{s:13:"affected_rows";N;s:11:"client_info";N;s:14:"client_version";N;s:13:"connect_errno";N;s:13:"connect_error";N;s:5:"errno";N;s:5:"error";N;s:10:"error_list";N;s:11:"field_count";N;s:9:"host_info";N;s:4:"info";N;s:9:"insert_id";N;s:11:"server_info";N;s:14:"server_version";N;s:4:"stat";N;s:8:"sqlstate";N;s:16:"protocol_version";N;s:9:"thread_id";N;s:13:"warning_count";N;}s:10:"*numRows";i:1;s:13:"*affectRows";i:1;s:9:"*result";b:1;}}"
So as you can see, the serialized versions are the same. Once I unserialize on results.php I should be able to use the object as I did before, right?
Edit: As suggested, and what I tried before posting this question, was to decode the variable and then unserialize it. But it returns an error
if(isset($_POST['object'])){ $decodeObjStr = json_decode($_POST['object']); $session = unserialize($decodeObjStr);}
Fatal error: Call to a member function getName() on boolean
var dump for decoded_json.
var_dump($decodeObjStr);
NULL
Why? This is the first thing that popped into my head when reading your question. Why would you want to do this? It is a huge security risk, which can (and probably will) expose your users' details to a third party.
Not to mention, giving the users a trivial way to increase their own permissions by simply editing the HTML code in their browser's built-in tools..
Most importantly: Why not use the built-in functionality of sessions, and their associated cookie? That way you only need to run session_start(), and use the $_SESSION array to store stuff in. Also, no need to involve AJAX or even JavaScript on this, as this functionality is all server-side. Sending data to the client, for it to just re-send it back to the server unchanged, is a bit unnecessary. Especially when you can just store it on the server in the first place. Don't you agree? :)
In this case I strongly recommend using sessions. Store the userID in the session, and use this to re-create the user object on each load. Querying the database if necessary.
There should be absolutely no need to serialize the object, nor creating your own custom-built "session state engine".
Quick code example:
index.php
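<?php
include 'classes/user.php';
session_start ();
$user = new User ();
// Voodoo here, creating new user or logging in.
// Store only the user ID in the server-side session.
$_SESSION['userid'] = $user->getID ();
?>
<html>
<a href="results.php">Results</a>
</html>
results.php
<?php
include 'classes/user.php';
session_start ();
$user = new User();
// Read the user's details from the DB, finalizing the object for use.
// Use the same session key that index.php set ('userid').
$user->read ($_SESSION['userid']);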
// Now we can do whatever we wanted to with the $user object.
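Added example (not part of the answer above, and not the poster's code): a stand-alone PHP script that contrasts the question's round trip through the browser with the session approach the answer recommends. The User class, the `$db` array, the "Basic" rights value and the two loader functions are constructed for illustration, and a plain array stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Added example: User, $db, the "Basic" right and both loaders are constructed
// stand-ins, not the poster's code. A plain array stands in for $_SESSION.
class User {
    protected $userId;
    protected $name;
    protected $rights;
    public function __construct(int $userId, string $name, string $rights) {
        $this->userId = $userId;
        $this->name = $name;
        $this->rights = $rights;
    }
    public function getName(): string { return $this->name; }
    public function getRights(): string { return $this->rights; }
}

// Constructed "database": the only authoritative source of name and rights.
$db = [
    27 => ['name' => 'Admin', 'rights' => 'Super'],
    42 => ['name' => 'Guest', 'rights' => 'Basic'],
];

// Pattern from the question: the object round-trips through the browser.
// unserialize() rebuilds whatever was posted, protected properties included.
function loadFromClient(string $posted) {
    return unserialize($posted);
}

// Pattern from the answer: the session holds only the id, the rest is re-read.
function loadFromSession(array $session, array $db): ?User {
    $id = $session['userid'] ?? null;
    if (!is_int($id) || !isset($db[$id])) {
        return null; // not logged in, or id unknown to the server
    }
    return new User($id, $db[$id]['name'], $db[$id]['rights']);
}

// What index.php would embed in the page for user 42.
$sent = serialize(new User(42, 'Guest', 'Basic'));
// The same value after being edited in the browser before the POST.
$returned = str_replace('s:5:"Basic"', 's:5:"Super"', $sent);

$fromClient = loadFromClient($returned);
$fromSession = loadFromSession(['userid' => 42], $db);
printf("client-supplied object: %s has rights %s\n", $fromClient->getName(), $fromClient->getRights());
printf("session + DB lookup:    %s has rights %s\n", $fromSession->getName(), $fromSession->getRights());
```

Run it with the PHP command-line interpreter; the first line reflects whatever the browser sent back, the second only what the server itself holds for that user ID.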
Use json_decode() built-in PHP function before making it unserialized.