Serialize this - Saving Objects in PHP


When building my website "Crossword Heaven" I came across a problem. I created a PHP object called "crossword" but needed to save the information in the object to a database. Now considering that this object contained a lot of information this was not an easy thing to do. Or was it?

The answer: serialize().

What the serialize() function does is take something like an array or object and converts it into a string that can be stored in a database. All I had to do so that I could save the crossword object is something like "serialize($crossword)." Easy! Some words of warning though. If you're using a version of PHP less than version 4 watch out because only properties get saved, not methods.

Here's a peek at the actual code:

$data addslashes(serialize($crossword));

$name"";

if(isset($xwordInfo['xwordname'])){

$name $xwordInfo['xwordname'];

}

$today date('Y-m-d H-i-s');

$sql "INSERT INTO `xword` ( `xwordid` , `xwordobj` , `xwordname`, `xwordowner`, `xwordwidth`,

`xwordheight`,`xworddate`)

VALUES ('', '". $data. "', '$name', '$owner', '$width', '$height', '$today');";

And here's the SQL to create the table 'xword':

CREATE TABLE `xword` (

`xwordid` int(11) NOT NULL autoincrement,

`xwordobj` blob NOT NULL,

`xwordname` varchar(100) NOT NULL default '',

`xwordowner` varchar(100) NOT NULL default '',

`xwordwidth` int(11) NOT NULL default '0',

`xwordheight` int(11) NOT NULL default '0',

`xworddate` datetime NOT NULL default '0000-00-00 00:00:00',

PRIMARY KEY (`xwordid`)
) TYPEMyISAM AUTOINCREMENT1 ;

You'll see that I used the addSlashes() function. That's because when the crossword object was serialized it contained characters like double quotes. These had to be escaped before the crossword could be saved to the database.

Now having saved a crossword object to a database I had to have a way to get it back. Surely, if there was a method to serialize an object there had to be one to unserialize an object, right? And yes, there is: unserialize().

As you'd expect, unserialize() works the same way as serialize(), but in the opposite direction. You give it some serialized data and it returns the thing that was serialized. To get the crossword back all I had to do was something like "unserialize($crosswordData)."

Here's a look at the code:

$xwordId (getmagicquotesgpc()) ? $xwordId : addslashes($xwordId);

$sql "SELECT xwordid, xwordobj, xwordname, xwordage from w3bxword where xwordid$xwordId";

$result parent::getSQL($sql);

$row parent::getRow($result);

if(parent::getNumRows($result)>0){

$crossword unserialize($row['xwordobj']);

}

And that's it. Obviously serialize() and unserialize() are pretty handy functions to have around. And in my case I couldn't do without them.

About the Author

Kevin Davies is the webmaster of Crossword Heaven (http://www.crosswordheaven.com) - a site that lets you create and solve crosswords online. If you're a webmaster you can also link to crosswords. Crosswords are a great way to keep your visitors on your site and keep them returning.