Delicious Bookmark this on Delicious Share on Facebook SlashdotSlashdot It! Digg! Digg



PHP : Language Reference : Classes and Objects (PHP 4) : Serializing objects - objects in sessions

Serializing objects - objects in sessions

Note:

In PHP 3, objects will lose their class association throughout the process of serialization and unserialization. The resulting variable is of type object, but has no class and no methods, thus it is pretty useless (it has become just like an array with a funny syntax).

Caution:

The following information is valid for PHP >= 4 only.

serialize() returns a string containing a byte-stream representation of any value that can be stored in PHP. unserialize() can use this string to recreate the original variable values. Using serialize to save an object will save all variables in an object. The functions in an object will not be saved, only the name of the class.

In order to be able to unserialize() an object, the class of that object needs to be defined. That is, if you have an object $a of class A on page1.php and serialize this, you'll get a string that refers to class A and contains all values of variabled contained in $a. If you want to be able to unserialize this on page2.php, recreating $a of class A, the definition of class A must be present in page2.php. This can be done for example by storing the class definition of class A in an include file and including this file in both page1.php and page2.php.

<?php
// classa.inc:
 
 
class A {
     var
$one = 1;
   
     function
show_one() {
         echo
$this->one;
     }
 }
 
// page1.php:

 
include("classa.inc");
 
 
$a = new A;
 
$s = serialize($a);
 
// store $s somewhere where page2.php can find it.
 
$fp = fopen("store", "w");
 
fwrite($fp, $s);
 
fclose($fp);

// page2.php:
 
 // this is needed for the unserialize to work properly.
 
include("classa.inc");

 
$s = implode("", @file("store"));
 
$a = unserialize($s);

 
// now use the function show_one() of the $a object.  
 
$a->show_one();
?>

If you are using sessions and use session_register() to register objects, these objects are serialized automatically at the end of each PHP page, and are unserialized automatically on each of the following pages. This basically means that these objects can show up on any of your pages once they become part of your session.

It is strongly recommended that you include the class definitions of all such registered objects on all of your pages, even if you do not actually use these classes on all of your pages. If you don't and an object is being unserialized without its class definition being present, it will lose its class association and become an object of class stdClass without any functions available at all, that is, it will become quite useless.

So if in the example above $a became part of a session by running session_register("a"), you should include the file classa.inc on all of your pages, not only page1.php and page2.php.

Code Examples / Notes » language.oop.serialization

markg

When working with a installation where Register Globals if off.  You must remeber to use $_SESSION['objectName'] to  store objects that will be used on multiple pages.
To re-use a saved object, you must define your object (i.e. include it's class file) before you call session_start(), or the object becomes unusable.


william

When storing an object that was generated with:
$row = mysql_fetch_object($result)
there is no apearent way to define the class of that object in the next page, without querying the database, and fetching a row as an object.  This needs to be done so any such objects can be restored (deserialized) from a PHP4 Session.  
It needs to be done before session_start() or session_register().


kendlj

Was wondering, if References are also lost after serializing and deserializing in php5.
Wrote a testfile and my result is:
All references are restored corretly. Even if the classes where recursively referenced.
Here is the code of the file:
<?
//check refereneces
class A
{
public $a_var;
/**
* @var B
*/
public $parent;

public function __construct($parent)
{
$this->parent=$parent;
}
}
class B
{
/**
* @var A
*/
public $Ref_auf_A;
/**
* @var A
*/
public $aObj;

public $name="";

public function __construct($InhaltA)
{
$this->aObj=new A($this);
$this->aObj->a_var=$InhaltA;

$this->Ref_auf_A=$this->aObj;
}
}
$B_obj = new B("Inhalt von A");
$B_obj->name="My is <defaultName>";
echo "Object B before serializing:<pre>";
print_r($B_obj);
echo "</pre>
";
$serB=serialize($B_obj);
echo "Object B serialized: ".$serB."
";
$B_obj = unserialize($serB);
echo "Object B deserializedt:<pre>";
print_r($B_obj);
echo "</pre>
";
$B_obj->Ref_auf_A->a_var="Test";
echo "Object A reference content changed, should have changed everywhere:<pre>";
print_r($B_obj);
echo "</pre>
";
//Change name of object where A parent references to.
$B_obj->Ref_auf_A->parent->name="My name changed";
echo $B_obj->name;
?>


hhuggins

The problem with objects during session management arise because the object definition must exist before starting the session.  i.e. if you have object x and you want to use it in a session, you have to perform the following.
<?
class x
{
...definition here
}
// php now knows what x is... start the session
session_start();
session_register("x_as_variable");
?>
if object x is defined in another file, make sure that the file is included or required BEFORE you start the session.
<?
require("x.inc");
session_start();
session_register("x_as_variable");
?>
This stops the INCOMPLETE_OBJECT response eliminating the need to create an array representation for an object.


i hate spam

The deserialize callback function is pretty useless if you name your classes and files using title case (ie ClassName.php), because PHP changes all classnames to lower case!!!

dan

Serialization is very useful for the storing of objects in databases.
The following example stores an obbect in a mySQL db:
# Seperate Class.
include 'thisObjectClass.php';
# Create instance of a class.
$object = new thisObjectClass;
# Create link to the database
$link = mysql_connect('host', 'user', 'password');
mysql_select_db('dbname', $link);
# Formulate query and submit.
$sql_query = mysql_query("INSERT INTO objecttable(object) VALUES (serialize($object)") or print (mysql_error());
# Retrieve blob object.
$sql_query = mysql_query("SELECT object FROM objecttable WHERE 1) or print (mysql_error());
$row = mysql_fetch_row($sql_query);
# This should show string / text data.
print $row[0];
# This should show 'object'.
print unserialize($row[0])."
";
# Close db link.
mysql_close($link);


ggiulb

PHP.INI FILE AND SESSION.AUTO_START
Set
session.auto_start = 0
in php.ini file if you want that all works well during serialization/unserialization.
If session.auto_start is set to 1 all class definition is loaded after unserialization process, infact you obtain a messagge error  like this "The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition className of the object you are trying to operate on was loaded _before_ the session was started in scriptFile on line n"


fluw

never serialize an object, if it contains references to itself. Just create the object in an array, or make a reference of this object in an array before calling serialize() and serialize the array instead of the object.
print_r is fine to validate a reference: The reference will be serialized in a right way, if print_r returns a *recursive* on right place (look carefully).
Just have a look on this small example:
<?
class foo {
var $bar;

function addBar() {
$this->bar = new bar(&$this);
}
}

class bar {
var $parentFoo;

function bar(&$partentBean) {
$this->parentFoo =& $partentBean;
}
}

$foo = new foo();
$foo->addBar();

$fooArray = array(&$foo);

echo "<pre>";
print_r($foo);
echo serialize($foo);
echo "</pre>";

echo "<pre>";
print_r($fooArray);
echo serialize($fooArray);
echo "</pre>";

?>
OutPut:
foo Object
(
   [bar] => bar Object
       (
           [parentFoo] => foo Object
               (
                   [bar] =>  *RECURSION*
               )
       )
)
O:3:"foo":1:{s:3:"bar";O:3:"bar":1:{s:9:"parentFoo";O:3:"foo":1:
{s:3:"bar";O:3:"bar":1:{s:9:"parentFoo";R:3;}}}} //sorry for linebreak
Array
(
   [0] => foo Object
       (
           [bar] => bar Object
               (
                   [parentFoo] =>  *RECURSION*
               )
       )
)
a:1:{i:0;O:3:"foo":1:{s:3:"bar";O:3:"bar":1:{s:9:"parentFoo";R:2;}}}
if you serialize the object, the the refernce becomes a copy an first the reference inside the copy is a real reference, (but just only to the copy, for sure :).


fdreger

It seems that serializing an object dereferences all its attributes that were references - even if the object they referenced was contained within the serialized one.
Consider this example:
<?
class foo {
 var $a=new array();
}
$example=new foo;
$obj=new whatever();
$example->a[]=&$obj;
$example->a[]=$obj;
//now $example contains a list with
//both: an object and a reference to that object
//let us serialize and immediately unserialize $example:
$string=serialize(example);
$example=unserialize(string);
//now the situation is completely different!
//$example contains just two identical objects,
//the reference is lost
?>


ndp9

In case this isn't clear:
In 4.2 and below: session.auto_start and session objects are mutually exclusive.


karsten

If you use __autoload(), this is also used when unserialize() hits a serialized class. So no need to include() all files everywhere...

maurits_dekkers

If you have register_globals = on, then be very careful about naming conventions when it comes to sessions and objects.
Example:
<?php
/* Setting the session variable, which becomes "$order" if register_globals is on */
session_start()
$_SESSION["order"] = "SomeValue";
/* Instantiating an object with the same name as the session variable */
$order = new Classname;
?>
This will activate the __PHP_Incomplete_class object within your session variable! This, all references and methods to $order will not work.
Took me hours to figure this out, so I hope this is helpful.


okoro22

I had a problem using session_register() to globally store a class that I was working with. I hope my solution will help beginners understand this concept of sessions in PHP
When you use session_register() to store any object, yes you don't need to call session_start() unless you want to. However in other pages where you want to use that object, you must call session_start() after you have included the class definition of the file. Failure to do this will unserlize your object without its functions and it will be pretty useless.
Hope it helps someone.
Cheers.


nate

I can't store an instance of MySQLPagedResultSet (I grabbed this code from Kevin Yank at Sitepoint) in my session without losing all the data.  This seems related to the previous post since the result set member variable is from calling mysql_query().  It doesn't get serialized properly and when I retrieve it from the session the result set is empty.
My workaround is store the query (ie. select * from mydata where id in (1,2,3...)) instead of the result set.  In this particular case, it works beautifully and yields a big performance boost, since the id's are generated from several other queries that can now be avoided.  With query caching on in mysql, I would not be surprised if this is just as fast or faster than retrieving the result set from the session.  There are fewer potential data synchronization problems, too, since the info from mydata is fresh.


felizk

Got around the session_auto_start problem by using:
session_write_close();
class defination
session_start();
works for me


arthurp

Good news when serializing a class and then reading it back into the similar or modified class.
PHP behaves very well when a class was serialized and then it is unserialized to initialize similar class or when the class was modified meanwhile.
Try this sample:
First version of the class A contains members $one and $three. An instance of this class is stored into the file.
The second version of the class A contains members $one as in prevoius but it also contains $two and and it doesn't contain $three member. The file is read back.
Resulting class is still working !
<?php
/////////////////////////////
// classa.inc:
class A
{
var $one = 1;
var $three = 3;
function show_one(){ echo $this->one."
";}
}
/////////////////////////////
// classa_modified.inc:
class A
{
var $two = 2;
var $one = 1;
function show_one(){ echo $this->one."
"; }
function show_two(){ echo $this->two."
"; }
}
/////////////////////////////
// teststore
include("classa.inc");
$a = new A;
$s = serialize($a);
// store $s somewhere where page2.php can find it.
$fp = fopen("savedclass.tmp", "w");
fputs($fp, $s);
fclose($fp);
$a->show_one();
var_dump($a);
/////////////////////////////
// testreadmodified.php:
include("classa_modified.inc");
$s = implode("", @file("savedclass.tmp"));
$a = unserialize($s);
// now use the function show_one() of the $a object.  
$a->show_one();
$a->show_two();
var_dump($a);
?>
Resulting Output:
1
2
object(a)(3) { ["two"]=> int(2) ["one"]=> int(1) ["three"]=> int(3) } ?>
Note:
- $one member is unserialized normally
- $two member exist after unserialisation and it's well initialised with value 2
- show_two() function is working after unserialization
- $thee member exist was loaded too even if it isn't declared in modified version of the class !


michael

Don't forget to lock your storage file using flock() before opening the file you wish to use to store your serialized object(s)!    PHP will make no attempt to prevent two threads or processes from writing to your file at the same time and you can easily end up with a corrupted data store unless you serialize access to your storage.  (Note that using NFS for your storage may not be lock-safe.)

evan dot php dot net

A special gotcha for unserializing stored objects.  If you alter the class (adding new methods), they will appear and be available when the object is unserialized.  If, however, you alter the parent class that the class extends, the methods are *not* available, and any renamed ones silently vanish (the method disappears and does not reappear under the new name).
A way to get around this is to create a new dummy method in the child class and rename it each time you alter the parent class.  This is very much a Bad Solution when you have to deal with a base class that is extended by dozens of other classes.  Especially when you have a database full of serialized objects, each of which is a child of the base class.  There appears to be no runtime fix.
Applies to PHP 4.  Not sure about 5.


evan

A quick note about objects containing another object as a variable. Say you have something like this:
class A {
var $A_Var;
}
class B {
var $A
var $B_Var;
function B() {
$this->A = new A();
}
}
$B = new B();
$B->A->A_Var = "A_Var value";
---
When you try to serialize() an instance of B() $B->A->A_Var doesn't seem to keep it's value.
After much fighting with this the solution I found was to append to my __sleep and __wakeup functions and serialize $this->A in __sleep and then unserialize it in __wakeup.
class A {
var $A_Var;
}
class B {
var $A
var $A_serialized;
var $B_Var;
function B() {
$this->A = new A();
}
function __sleep() {
$this->A_serialized = serialize($this->A);
return array('A_serialized', 'B_Var');
}
function __wakeup() {
$this->A = unserialize($this->A_serialized);
}
}


grant_mjtr

A quick note about automatic serialisation in sessions.
If you have an object
$myCart = new ShoppingCart();  
and this object contains variables which are objects
function ShoppingCart()
{
   $mySingleItem = new BasketItem();
}
this will work fine and you can access the contained object $mySingleItem and its methods etc ONLY WHILE YOU ARE ON THE PAGE WHERE YOU CREATED IT.
if you are using sessions and register the cart
session_register('myCart')
the ShoppingCart object is serialised and unserialised on the next page ok but the inner BasketItem object is just garbled.
The only solution I have found is to use an array in the ShoppingCart instead of an object.  What a pain!


Change Language


Follow Navioo On Twitter
class
extends
Constructors
Scope Resolution Operator (::)
parent
Serializing objects - objects in sessions
The magic functions __sleep and __wakeup
References inside the constructor
Comparing objects
eXTReMe Tracker