php - 反序列化()[函数。反序列化] : Error at offset 49151 of 49151 bytes

Question

在将对象存储到数据库中而不是检索它之后，我像网站上的许多人一样出现了偏移错误。如果我不存储它一切正常:

$serializedObject = serialize($this);
$unSerializedObject = unserialize($serializedObject);

此外，我在保存数据和从数据库中检索数据时使用 base64 编码，但这无济于事。我没有做任何逃避。我的对象处理一些字符串。我发现这个字符串:

A woman is travelling around the world. She is 28 years old and she is from Great Britain.
She cannot use a car or a plane on her

它工作正常。但是当我再加一个空格和单词[journey]时，错误就弹出来了。这是包含这个词的字符串:

A woman is travelling around the world. She is 28 years old and she is from Great Britain.
She cannot use a car or a plane on her journey

我的问题是为什么会弹出错误？

Here是针对没有单词 journey

的文本运行 serialize($this) 的输出

Here是 serialize($this) 针对包含单词 journey

的文本运行的输出

更新

我要将对象保存到的表具有字符集 utf-8 和没有定义字符集的列，因为它是 BLOB 类型。mb_detect_encoding(serialize($this)) 返回 UTF-8

$sql 没有转义。这是在我使用的 Kohana 框架内执行查询的方式:

$result = mysql_query($sql, $this->_connection)

Answer 1

原答案:

A TEXT field in MySQL stores up to 65535 bytes, so my guess is it is being truncated there.

Use a MEDIUMTEXT or LONGTEXT instead.

除此之外，将数据传入和传出数据库的方式也存在潜在问题。 PHP 序列化字符串可以包含空字节(字节 0)，这似乎是未正确传输的内容。

解决此问题的一种方法是通过类似 base64_encode() 的方法对字符串进行编码，它使用非常友好的字母数字/符号字母表。如果您将 BLOB 类型增加到 MEDIUMBLOB 或 LONGBLOB，这将解决您的问题。

但是，如果您正确地将查询发送到数据库，则可以安全地发送原始字符串。由于您使用的是 Kohana，因此这里有一个非常适合我的示例。

简短版:

$sql = 'INSERT INTO serialized_object (data) VALUES (:data)';
DB::query(Database::INSERT, $sql)->
  param(':data', $serialization)->
  execute();

代码:

<?php 
class Article {}
class Word {}

class Controller_Welcome extends Controller
{
    public function action_index()
    {
        $object = unserialize(hex2bin(file_get_contents('/tmp/data.hex')));
        $serialization = serialize($object);

        $sql = 'INSERT INTO serialized_object (data) VALUES (:data)';
        DB::query(Database::INSERT, $sql)->
            param(':data', $serialization)->
            execute();

        $saved_length = DB::query(Database::SELECT, '
            SELECT LENGTH(data) AS l
            FROM serialized_object
            ORDER BY id DESC
            LIMIT 1
        ')->execute()->get('l');

        if ($saved_length != strlen($serialization))
        {
            throw new Exception("Database length is incorrect. Value is corrupted in database.");
        }

        $saved_serialization = DB::query(Database::SELECT, '
            SELECT data
            FROM serialized_object
            ORDER BY id DESC
            LIMIT 1
        ')->execute()->get('data');

        $saved_object = unserialize($saved_serialization);

        if (!$saved_object)
        {
            throw new Exception("Unable to unserialize object.");
        }

        if ($saved_object != $object)
        {
            throw new Exception("Saved object is not equal to object.");
        }

        $this->response->body('Everything is fine.');
    }

} 

数据库.php:

<?php

return array
(
    'default' => array(
        'type'       => 'PDO',
        'connection' => array(
            /**
             * The following options are available for PDO:
             *
             * string   dsn         Data Source Name
             * string   username    database username
             * string   password    database password
             * boolean  persistent  use persistent connections?
             */
            'dsn'        => 'mysql:host=127.0.0.1;dbname=test',
            'username'   => 'root',
            'password'   => '****',
            'persistent' => FALSE,
        ),
        /**
         * The following extra options are available for PDO:
         *
         * string   identifier  set the escaping identifier
         */
        'table_prefix' => '',
        'charset'      => 'utf8',
        'caching'      => FALSE,
    ),
);

架构:

CREATE TABLE `serialized_object` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `data` longblob NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8