PHP 如何从序列化的 mysql 字符串中提取变量?

在 php 文件中,我正在尝试提取此字符串中的user_name


不过,我无法弄清楚这是什么格式。我正在使用php mysqli使用此功能查询数据库

$q = "SELECT `data` FROM `sessions` WHERE `id` = '".$this->dbc->real_escape_string($cookie)."' LIMIT 1";

其中$cookie是客户端的 cookie。有人认出字符串的格式吗?

姓名、电子邮件和状态用分号分隔。名称和值由竖线分隔。值采用序列化形式。 例如。user_name|s:11:"测试帐户";

反序列化 s:11:"testaccount";你将得到 testaccount 值

想通了。使用此功能来 执行此操作。

// This is the result of about an hour's delving into PHP's hairy-ass serialization internals.
// PHP provides a session_decode function, however, it's only useful for setting the contents of
// $_SESSION.  Say, for instance, you want to decode the session strings that PHP stores in its
// session files -- session_decode gets you nowhere.
// There are a bunch of nasty little solutions on the manual page[1] that use pretty hairy regular
// expressions to get the job done, but I found a simple way to use PHP's unserialize and recurse
// through the string extracting all of the serialized bits along the way.
// It's not speedy (it calls unserialize AND serialize for each session element), but it's accurate
// because it uses PHP's internal serialized object parser.  Fun trivia: PHP's serialized object
// parser is an ugly-ass little compiled regular expression engine.  But hey, it works, let's not
// reinvent this wheel.
// [1]:
define("SESSION_DELIM", "|");
function unserialize_session($session_data, $start_index=0, &$dict=null) {
isset($dict) or $dict = array();
$name_end = strpos($session_data, SESSION_DELIM, $start_index);
if ($name_end !== FALSE) {
$name = substr($session_data, $start_index, $name_end - $start_index);
$rest = substr($session_data, $name_end + 1);
$value = unserialize($rest);      // PHP will unserialize up to "|" delimiter.
$dict[$name] = $value;
return unserialize_session($session_data, $name_end + 1 + strlen(serialize($value)), $dict);
return $dict;
$session_data = …; // A string from a PHP session store.
$session_dict = unserialize_session($session_data);
