laravel 反序列化laravel中的数据
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/48125903/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
unserialize data in laravel
提问by mafortis
I saved my cart data to the orderstable with the serializemethod, now in my orders 'view' page, I want to display them to the user to show their order history.
我orders使用该serialize方法将我的购物车数据保存到表中,现在在我的订单“查看”页面中,我想向用户显示它们以显示他们的订单历史记录。
How can I revert the previously serialized data to usable objects/arrays within PHP?
如何将以前序列化的数据恢复为 PHP 中的可用对象/数组?
The code snippet of where I save the data: $order->cart = serialize($cartItems);.
我保存数据的位置的代码片段:$order->cart = serialize($cartItems);。
The method I try to return my orders index view:
我尝试返回我的订单索引视图的方法:
/**
* Action to receive all orders from the current
* logged-in user. This action will return the
* 'front.orders' view with the orders compacted inside.
*
* @return orders view
*/
public function orders() {
// get the orders from the current logged in user
$orders = Order::where('user_id', '=', Auth::user()->id)->get();
// view the `front.orders` page passing in the `orders` variable
return view('front.orders', compact('orders'));
}
回答by Alexey Mezenin
You can use map()method to unserializecart property for the whole collection:
$orders = $orders->map(function($i) {
$i->cart = unserialize($i->cart);
return $i;
});
Alternatively, you could use an accessorto automatically unserialize property:
或者,您可以使用访问器自动反序列化属性:
public function getCartAttribute($value)
{
return unserialize($value);
}
Or just unserializethe data in Blade:
或者只是在 Blade 中反序列化数据:
@foreach ($orders as $order)
{{ unserialize($order->cart)->someData }}
@endforeach
回答by Ruslan Mavlyanov
Sure you can use built-in unserialize()function from previous answers.
当然,您可以使用unserialize()先前答案中的内置函数。
But
但
Avoid using unserialize()in your code because of exloit:
unserialize()由于漏洞利用,避免在您的代码中使用:
https://www.notsosecure.com/remote-code-execution-via-php-unserialize/https://www.php.net/manual/en/function.unserialize.php
https://www.notsosecure.com/remote-code-execution-via-php-unserialize/ https://www.php.net/manual/en/function.unserialize.php
I would use secure simple lib from Magento 1: https://github.com/bragento/magento-core/tree/1.9/lib/Unserialize
我会使用 Magento 1 中的安全简单库:https: //github.com/bragento/magento-core/tree/1.9/lib/Unserialize
$parser = new Unserialize_Parser();
$parser->unserialize($yourStringWithArray)
回答by csabinho
serializeis just a built-in, variable handling, PHP function. The counterpart of this is unserialize.
