PHP 序列化函数 - 将序列化数据添加到 mysql 然后获取并显示 [英] PHP Serialize Function - Adding serialized data to mysql and then fetch and display
问题描述
我想知道PHP的serialize函数是否100%安全,另外如果我们把序列化的数据存入数据库,拿到后想做点什么,会不会是个好办法.
I want to know whether the PHP serialize function is 100% secure, also if we store serialized data into a database and want to do something after fetching it, will it be a nice way.
例如:-我有一个具有不同用户权限的网站,现在我想将特定权限的权限设置存储到我的数据库中(我要存储的数据是通过php序列化功能完成的),现在当用户登录我想获取此数据并为客户设置权限.
For example:- I have a website with different user privileges, now i want to store the permissions settings for a particular privilege to my database (This data i want to store is to be done through php serialize function), now when a user logs in i want to fetch this data and set the privilege for the customer.
现在我可以做这件事了,我想知道的是,这是最好的方法还是可以做一些更有效的事情.
Now i am ok to do this thing, what i want to know is, whether it is the best way to do or something more efficient can be done.
另外,我正在阅读 php 手册并找到了这段代码,谁能解释一下这段代码中发生的事情:- [特别是为什么使用 base64_encode?]
Also, i was going through php manual and found this code, can anybody explain me a bit what's happening in this code:- [Specially why base64_encode is used?]
<?php
mySerialize( $obj ) {
return base64_encode(gzcompress(serialize($obj)));
}
myUnserialize( $txt ) {
return unserialize(gzuncompress(base64_decode($txt)));
}
?>
另外,如果有人可以向我提供他们自己的代码来向我展示如何以最有效的方式做这件事.
Also if somebody can provide me their own code to show me to do this thing in the most efficient manner.
我有一个问题,我有很多字段可以作为特权,现在假设我有 45 个供管理员使用的模块和 30 个供用户在权限/特权下使用的模块.将来(因为我一直在这个项目上工作)我将添加越来越多的模块,比如说大约 100 个,那么我将如何定义权限.甚至我正在添加一个模块来创建具有自定义权限的自定义组.我将如何实现它,同时牢记效率?请帮助:|
我不会使用序列化数据进行搜索
我的数据库:-
注意:- 用户权限将通过:privileges_level 授予
Note:- Users privileges will be granted through : privileges_level
注意:-在 privileges_permissions 中,我想以序列化的形式添加所有权限.
Note:- In privileges_permissions i want to add all the privileges in a serialized form.
谢谢.
推荐答案
我想知道PHP序列化函数是否100%安全
I want to know whether the PHP serialize function is 100% secure
此功能与安全完全无关.它只是将复杂数据结构表示为字符串的一种方式.就是这样.
数据库安全是另一回事,完全无视数据形式的来源.
this function has nothing to do with security at all. It's just a way to represent complex data structure as a string. that's all.
Database security is another matter, completely indifferent to the source of the form of the data.
如果我们将序列化的数据存储到数据库中,并希望在获取它之后做一些事情,这是不是一个好方法.
if we store serialized data into a database and want to do something after fetching it, will it be a nice way.
绝对不是
这样一来,您就破坏了关系数据库的整体思路,您应该使用它.
数据应该以普通形式存在于数据库中,意味着原子 - 每个实体占据不同的单元格.不是一堆无法与其他数据建立任何关系的非结构化无法访问的数据.
Definitely NOT
This way you are spoiling the whole neat idea of the relational databases, which you are supposedly using.
A data should be present in the database in the Normal form, means atomic - each entity occupying distinct cell. Not a whole bunch of unstructured unaccessible data with no possibility of establishing any relation with other data.
这段代码发生了什么
没有任何意义.
从标题开始回答问题
- 不要在mysql中存储序列化数据
- 创建一个表/表结构来表示您的应用程序的数据结构,保持所有数据位分开且可访问.
我不会使用序列化数据进行搜索
I AM NOT GOING TO USE SERIALIZED DATA FOR SEARCHING
这只是一种错觉,因为缺乏经验.
This is but a delusion, from the lack of experience.
欢迎几个月后回来,提出一个问题帮我重做我的设置!它失控了!"
Welcome back in couple months, with a question "help me to redone my setup! it is going out of control!"
这篇关于PHP 序列化函数 - 将序列化数据添加到 mysql 然后获取并显示的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
