Serialize This – Saving Objects in PHP

    April 7, 2005

When building my website “Crossword Heaven” I came across a problem. I created a PHP object called “crossword” but needed to save the information in the object to a database. Now considering that this object contained a lot of information this was not an easy thing to do. Or was it?

The answer: serialize().

What the serialize() function does is take something like an array or object and converts it into a string that can be stored in a database. All I had to do so that I could save the crossword object is something like “serialize($crossword).” Easy! Some words of warning though. If you’re using a version of PHP less than version 4 watch out because only properties get saved, not methods.

Here’s a peek at the actual code:

&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp $data = addslashes(serialize($crossword));
&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp $name="";
&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp if(isset($xwordInfo['xword_name'])){
&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp $name = $xwordInfo['xword_name'];
&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp }

&nbsp&nbsp&nbsp $today = date('Y-m-d H-i-s');

&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp $sql = "INSERT INTO `xword` ( `xword_id` , `xword_obj` ,
`xword_name`, `xword_owner`, `xword_width`,
&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp `xword_height`,`xword_date`)
&nbsp&nbsp&nbsp&nbsp&nbsp VALUES ('', '" . $data . "', '$name', '$owner',
'$width', '$height', '$today');";

And here’s the SQL to create the table ‘xword’:

CREATE TABLE `xword` (
`xword_id` int(11) NOT NULL auto_increment,
`xword_obj` blob NOT NULL,
`xword_name` varchar(100) NOT NULL default '',
`xword_owner` varchar(100) NOT NULL default '',
`xword_width` int(11) NOT NULL default '0',
`xword_height` int(11) NOT NULL default '0',
`xword_date` datetime NOT NULL default '0000-00-00 00:00:00',
PRIMARY KEY (`xword_id`)

You’ll see that I used the addSlashes() function. That’s because when the crossword object was serialized it contained characters like double quotes. These had to be escaped before the crossword could be saved to the database.

Now having saved a crossword object to a database I had to have a way to get it back. Surely, if there was a method to serialize an object there had to be one to unserialize an object, right? And yes, there is: unserialize().

As you’d expect, unserialize() works the same way as serialize(), but in the opposite direction. You give it some serialized data and it returns the thing that was serialized. To get the crossword back all I had to do was something like “unserialize($crosswordData).”

Here’s a look at the code:

&nbsp&nbsp&nbsp&nbsp $xwordId = (get_magic_quotes_gpc()) ? $xwordId :

&nbsp&nbsp&nbsp&nbsp $sql = "SELECT xword_id, xword_obj, xword_name, xword_age
from w3b_xword where xword_id=$xwordId";
&nbsp&nbsp&nbsp&nbsp $result = parent::getSQL($sql);
$row = parent::getRow($result);

&nbsp&nbsp&nbsp&nbsp if(parent::getNumRows($result)>0){
&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp $crossword = unserialize($row['xword_obj']);
&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp }

And that’s it. Obviously serialize() and unserialize() are pretty handy functions to have around. And in my case I couldn’t do without them.

Kevin Davies is the webmaster of Crossword Heaven
( – a site that lets you create and
solve crosswords online. If you’re a webmaster you can also link to
crosswords. Crosswords are a great way to keep your visitors on your
site and keep them returning.