您的位置: 首页  >  技术问答  >  如何使用pdo php在数据库中存储带有命名空间的序列化对象

如何使用pdo php在数据库中存储带有命名空间的序列化对象

分类: 技术问答 2022-03-16 11:08:32

如何使用pdo php在数据库中存储带有命名空间的序列化对象

问题描述:

When i try to store serialized object with namespace i cant do that beacuse i got error unterminated quoted string at or near "'O:22:"protect\classes\Router". Code:

$router = new protect\classes\Router();
$tmp = serialize($router);

$dsn = 'pgsql:dbname=system;host=127.0.0.1';
$user = 'postgres';
$password = 'mypassword';
$pdo = new PDO($dsn, $user, $password, $options);
$pdo->exec('SET search_path = temporary');
$pdo->query("SELECT replace_value('protect\classes\Router','$tmp','serialized_classes')");  // this is my function it`s work fine

If i use php function addslashes before query executed for exampe 

  $tmp = addslashes(serialize($router));

the query is successful executed. Unfortunately serialized object with additional slashes is disorder.

I will grateful for help with this topic.

当我尝试使用命名空间存储序列化对象时我无法做到这一点因为我得到了错误未终止的引用字符串在或附近“ 'O:22:“protect \ classes \ Router”。代码: p> 

  $ router = new protect \ classes \ Router(); 
 $ tmp = serialize($ router  ); 
 
 $ dsn ='pgsql:dbname = system; host = 127.0.0.1'; 
 $ user ='postgres'; 
 $ password ='mypassword'; 
 $ pdo = new PDO($  dsn,$ user,$ password,$ options); 
 $ pdo-> exec('SET search_path = temporary'); 
 $ pdo-> query(“SELECT replace_value('protect \ classes \ Router',  '$ tmp','serialized_classes')“); //这是我的功能它工作正常
  code>  pre> 
 
 
如果我在执行查询之前使用php函数addslashes 例如 p> 
 
 


  $ tmp = addslashes(serialize($ router)); 
  code>  pre> 
 
 
查询成功执行。 不幸的是,带有额外斜线的序列化对象是无序的。 p> 
 
 


我将非常感谢您对此主题的帮助。 p> 
  div>

There are several things wrong here, but the biggest is that you aren't using query parameters.

Don't use addslashes. If you find yourself using that, you should think "oops, I need to go fix the query so I use parameters instead".

In this case, you should be writing something like:

$sth = $pdo->prepare('SELECT replace_value(?, ?, ?)');
$sth->execute(array('protect\classes\Router', $tmp, 'serialized_classes'));

You haven't mentioned what the data type of the argument you pass the serialized data to is. The above will only work if it is text or varchar or similar.

If it's bytea like it should be for serialized object data, you must tell PHP that the parameter is a binary field:

$sth = $pdo->prepare('SELECT replace_value(:router, :serialbytes, :mode)');
$sth->bindParam(':router', 'protect\classes\Router');
$sth->bindParam(':mode', 'serialized_classes');
$sth->bindParam(':serialbytes', $tmp, PDO::PARAM_LOB);
$sth->execute();

Note the use of PDO::PARAM_LOB to tlel PDO that $tmp contains binary data to be passed to PostgreSQL as bytea.

(It's fine to put constants like 'protect\classes\Router' directly into your queries, btw, so long as you split them out into params if they ever become variables. I mostly separated them because I find it more readable in a query like this.)

I was facing same problem - and found out here that this is the zer-byte problems. After some development I created an adapter for Zend Serializer (ZF2) that overloads serialize/unserialize methods in a way that it will be possible to store these serialized values in PostgreSQL.

The code you can find below - hopefully it will somehow useful :)

use Zend\Serializer\Adapter\PhpSerialize;

/**
 *
 * Class overloads serialization methods so serialized objects will be PostgreSQL safe
 * For further information on safe/unsafe objects:
 * http://php.net/manual/en/function.serialize.php#96504
 *
 */
class PostgresSerialize extends PhpSerialize {

    const DEFAULT_SAFE_NULLBYTE_REPLACEMENT = "~~NULL_BYTE~~";

    protected static $serializedFalse = null;

    public function serialize($value) {
        $serializedString = parent::serialize($value);
        if (strpos($this->options['safe_nullbyte_replacement'], $serializedString))
            throw new \RuntimeException('Cannot perform safe nullbyte replace operation since safe_nullbyte_replacement="' .  $this->options['safe_nullbyte_replacement'] . '"value already exists in the serialized string', \Zend\Log\Logger::ERR);
        if ($this->options['safe_nullbyte_replacement'] == null)
            $this->options['safe_nullbyte_replacement'] = self::DEFAULT_SAFE_NULLBYTE_REPLACEMENT;
        return str_replace("\0", $this->options['safe_nullbyte_replacement'], $serializedString);
    }

    public function unserialize($serialized) {
        if ($this->options['safe_nullbyte_replacement'] == null)
            $this->options['safe_nullbyte_replacement'] = self::DEFAULT_SAFE_NULLBYTE_REPLACEMENT;
        $serializedString = str_replace($this->options['safe_nullbyte_replacement'], "\0", $serialized);
        return parent::unserialize($serializedString);
    }

}

相关推荐