This little function returns true if a data string was made by igbinary_serialize() and can be passed to igbinary_unseriaize().
function is_igbinary($data) {
return is_string($data) && '00000002' === bin2hex(substr($data, 0, 4));
}
It doesn't validate the contents of the data string, or ensure it is safe to decode if it came from an untrusted source. But it is handy when trying to avoid unserializing data that wasn't serialized.igbinary_unserialize
(PECL igbinary >= 1.1.1)
igbinary_unserialize — Creates a PHP value from a stored representation from igbinary_serialize()
Опис
igbinary_unserialize() takes a single serialized variable from igbinary_serialize() and converts it back into a PHP value.
Увага
Untrusted user input must not be passed to igbinary_unserialize(). Unserialization can result in code being loaded and executed due to object instantiation and autoloading, and a malicious user may be able to exploit this. Instead a safe, standard data interchange format such as JSON (via json_decode() and json_encode()) should be used, if serialized data needs to be passed to a client.
If there is the need to unserialize externally-stored serialized data, hash_hmac() can be used for data validation. It is important to ensure that nobody has tampered with the data.
Увага
The igbinary serialization format does not provide a way to distinguish between different reference groups for the same value. All PHP references to a given value as treated as part of the same reference group when unserialized, even if they were parts of difference reference groups when serialized.
Параметри
str-
The serialized string generated by igbinary_serialize().
If the value being unserialized is an object, after successfully reconstructing the object igbinary will automatically attempt to call the __unserialize() or __wakeup() methods (if one exists).
Зауваження: unserialize_callback_func directive
The callback specified in the unserialize_callback_func directive is called when an undefined class is unserialized. If no callback is specified, the object will be instantiated as __PHP_Incomplete_Class.
Значення, що повертаються
The converted value is returned, and can be a bool, int, float, string, array, object, or null.
In case the passed string is not unserializeable, false is returned and
E_NOTICE or E_WARNING is issued.
Помилки/виключення
Objects may throw Throwables in their unserialization handlers.
Примітки
Прогляньте також
- unserialize() - Creates a PHP value from a stored representation
- json_encode() - Returns the JSON representation of a value
- json_decode() - Decodes a JSON string
- hash_hmac() - Generate a keyed hash value using the HMAC method
- igbinary_serialize() - Generates a compact, storable binary representation of a value
- Autoloading Classes
- unserialize_callback_func
- __wakeup()
- __serialize()
- __unserialize()
+add a note
User Contributed Notes 1 note
olliejones at gmail dot com ¶
1 year ago
-
0
pcntl_sigtimedwaitWaits for signals, with a timeout
-
0
similar_textCalculate the similarity between two strings
-
0
boolvalGet the boolean value of a variable
-
0
curl_multi_closeClose a set of cURL handles
-
0
imap_bodyRead the message body
-
0
mb_strposFind position of first occurrence of string in a string
-
0
pg_send_prepareSends a request to create a prepared statement with the given parameters, without waiting for completion
-
0
swoole_native_socket_bind
-
0
Arr::prependKeysWith
-
0
zend_versionGets the version of the current Zend engine