serialize / unserialize php object

Question

I am having trouble understanding the concept of serialize/unserialize in PHP.

Assume I have a very simple PHP object (class someObject) and after setting the attributes of that object I want to serialize it:

So I call: serialize($someObject);

I want to transfer this serialized object into another php skript via a html form so I set it as a hidden value:

<input type="hidden" name="someObject" value="<? print $someObject; ?>"

In the next php script I want to use unserialize to get my object back and transfer it e.g. to a databae.

$unserialize = unserialize($_POST['someObject'])

But this always returns BOOL(false) - so what am I missing here?

Thanks for your help!

Answer 1

A serialized string looks like this:

O:1:"a":1:{s:3:"foo";s:3:"100";}

You have tourlencode/urldecode the serialized string to prevent any characters in the serialized representation from breaking your markup. Have a look at your page source. The first quote likely ended your HTML value attribute. So you got something like:

<input ... value="O:1:"a":1:{s:3:"foo";s:3:"100";}">

So your $_POST will never contain the full serialized string, but only O:1:

If this is not the issue, make sure you got a serialized string from the object in the first place. Also please be aware that there some objects cannot be serialized or have modified behavior when (un)serialized. Please refer to the Notes in PHP Manual for serialize for details.

If you dont need to send objects across different servers running PHP, consider persisting them in a Session instead. It's easier, less error prone and more secure because the object cannot be tampered with while in transit.

Answer 2

You need to have the class defined in your second script before you unserialize() the object