2. 技术
    3. java反序列化PHPSerializer 序列化的对象参数描述

    java反序列化PHPSerializer 序列化的对象参数描述

    技术2022-07-10  134

    maven 引用的包

    <!--反序列化 php--> <dependency> <groupId>org.sction</groupId> <artifactId>phprpc</artifactId> <version>3.0.2</version> </dependency

    主要的操作方法:

    public static Map<String, Object> getUnserializeMap(String content) throws Exception { Map<String, Object> list = new HashMap<String, Object>(); PHPSerializer p = new PHPSerializer(); if (StringUtils.isEmpty(content)) return list; AssocArray array = (AssocArray) p.unserialize(content.getBytes()); for (int i = 0; i < array.size(); i++) { Map<String, Object> t = (Map) Cast.cast(array.get(i), Map.class); list.putAll(t); } return list; } /** * 对java 对象序列化 * @param obj * @return */ public static String PHPSerialize(Object obj) { try { PHPSerializer p = new PHPSerializer(); byte[] b = p.serialize(obj); return new String(b); } catch (Exception e) { log.error("==php序列化失败==", e); } return ""; }

    上示例:

    public static void main(String[] args) throws Exception { List<Map<String, Integer>> list = new ArrayList<Map<String,Integer>>(); Map<String, Integer> map = new HashMap<String, Integer>(); map.put("test1", 1); list.add(map); map = new HashMap<String, Integer>(); map.put("test2", 2000); list.add(map); System.out.println(PHPSerialize(list)); List<Map<String, String>> list1 = new ArrayList<Map<String,String>>(); Map<String, String> map2 = new HashMap<String, String>(); map2.put("test1", "1"); list1.add(map2); map2 = new HashMap<String, String>(); map2.put("test2", "2000"); list1.add(map2); System.out.println(PHPSerialize(list1)); }

    由两个 List<Map> 的对象数据  但是map的类型不同输出的结果有差别

    输出如下:

    a:2:{i:0;a:1:{s:5:"test1";i:1;}i:1;a:1:{s:5:"test2";i:2000;}} a:2:{i:0;a:1:{s:5:"test1";s:1:"1";}i:1;a:1:{s:5:"test2";s:4:"2000";}}

    这里我们可以得出结论 随着map的类型的变化  i:2000; 和 s:4:"2000";  这个的结构也会变  那么i其实对应的是php里的整型而s 代表的是字符型 s后面的值是字符的长度

    示例二:

    public static void main(String[] args) throws Exception { String content = "a:1:{i:0;a:1:{s:33:\"3839914ceb851278cb14a5ab7364e9ec0\";i:1;}}"; System.out.println(getUnserializeMap(content)); }

    这里可以将   String content = "a:1:{i:0;a:1:{s:33:\"3839914ceb851278cb14a5ab7364e9ec0\";i:1;}}" 字符转成map结构

    输出: {3839914ceb851278cb14a5ab7364e9ec0=1}

    Processed: 0.013, SQL: 9