serialization and deserialization

The definition of serialization and deserialization ：

• serialize It is the process of converting an object into a byte sequence of a string for storage

"O:6:"People":3:{s:4:"name";s:5:"error";s:3:"age";s:2:"20";s:3:"sex";s:1:"M";}" 

It can be seen that , After serialization, the output result is a string of characters .

O  Express object, An object 
6 "People"  Indicates that the length of the object name is 6, be known as "People"
3  Express 3 Attributes 
s  by "string" type 
4  For attributes name The length of 
7  For attribute value error The length of 

And so on , The properties of a class are ;N; ending ,;} End a string of serialized characters .

• serialize The most important effect ： When passing and saving objects . Ensure the integrity and transitivity of the object . Object into an ordered byte stream , To transfer over the network or save in a local file .
• Deserialization Is the string ( example ) Process of converting to object
  
• Deserialization The most important role of ： According to the object state and description information saved in the byte stream , Rebuild objects by deserializing .

PHP Principle of deserialization
The serialized string entered by the user was not detected , This will allow the attacker to control the deserialization process , This leads to code execution ,SQL Inject , Directory traversal and other uncontrollable consequences . Some magic methods are automatically triggered during deserialization . When deserializing, it is possible to trigger some magic methods in the object .
PHP The key functions of serialization and deserialization ：
serialize(): Convert an object to characters
unserialize(): Restore characters to an object
The technology used in deserialization can be distinguished between class and non class by checking whether there is class, There is a class , Where there are classes, there will be magic methods

PHP Center the two underscores __ The first method is called magic method （Magic methods）, These methods are in PHP It plays a very important role in .

PHP Specific cases of magic methods can be referred to PHP manual —PHP Magic method

Specific methods and cases
Detailed explanation of sixteen magic methods ：

https://segmentfault.com/a/1190000007250604

1. _ _construct()： Class constructor

Precautions for declaring constructors in classes
Only one constructor can be declared in the same class , as a result of ,PHP Constructor overloading is not supported

2. _ _destruct()： Destructor of class

Generally speaking , The method of deconstruction is in PHP Is not very commonly used , It is an optional part of the genus , It is usually used to clean up objects before they are destroyed .

3. _ _call()： Called when an invocable method is invoked in an object
4. _ _callStatic()： Call in an static way when an invocable method is called
5. _ _get()： Call when you get a member variable of a class

stay PHP In object oriented programming , The member attribute of a class is defined as private after , If we try to call it outside, it will appear “ A private property is not accessible ” Error of . So in order to solve this problem , We can use _ _get().

_ _get The role of , While the program is running , Through it, you can get the value of private members outside the object

6. _ _set()： Called when setting a member variable of a class
7. _ _isset()： When an inaccessible property is called isset() or empty() Called when the
8. _ _unset()： When called on an inaccessible property unset() When called
9. _ _sleep()： perform serialize() when , This function will be called first
10. _ _wakeup()： perform unserialize when , This function will be called first
11. _ _toString()： The response method when a class is treated as a string
12. _ _invoke()： The response method when an object is called by calling a function
13. _ _set_state()： call var_export() When exporting a class , This static method will be called
14. _ _clone()： Called when the object copy is complete
15. _ _dutoload()： Trying to load an undefined class
16. _ _debugInfo： Print the required debug information
    Range training