1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
|
--TEST--
MySQL PDOStatement->fetch(), PDO::FETCH_SERIALIZE
--EXTENSIONS--
pdo_mysql
--SKIPIF--
<?php
require_once(__DIR__ . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');
MySQLPDOTest::skip();
?>
--FILE--
<?php
require_once(__DIR__ . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');
$db = MySQLPDOTest::factory();
try {
#[AllowDynamicProperties]
class myclass implements Serializable {
private static $instance = null;
protected $myprotected = 'a protected property';
// Good old magic stuff
private function __construct($caller = NULL) {
printf("%s(%s)\n", __METHOD__, $caller);
}
public function __destruct() {
// printf("%s()\n", __METHOD__);
}
public function __sleep() {
printf("%s()\n", __METHOD__);
}
public function __wakeup() {
printf("%s()\n", __METHOD__);
}
public function __call($method, $params) {
printf("%s(%s, %s)\n", __METHOD__, $method, var_export($params, true));
}
public function __set($prop, $value) {
printf("%s(%s, %s)\n", __METHOD__, $prop, var_export($value, true));
$this->{$prop} = $value;
}
public function __get($prop) {
printf("%s(%s)\n", __METHOD__, $prop);
return NULL;
}
// Singleton
public static function singleton($caller) {
printf("%s(%s)\n", __METHOD__, $caller);
if (!self::$instance) {
$c = __CLASS__;
self::$instance = new $c($caller);
}
return self::$instance;
}
// Serializable
public function serialize() {
printf("%s()\n", __METHOD__);
return 'Data from serialize';
}
public function unserialize($data) {
printf("%s(%s)\n", __METHOD__, var_export($data, true));
}
}
$db->setAttribute(PDO::MYSQL_ATTR_DIRECT_QUERY, 0);
if (0 != $db->getAttribute(PDO::MYSQL_ATTR_DIRECT_QUERY))
printf("[002] Unable to turn off emulated prepared statements\n");
$db->exec('DROP TABLE IF EXISTS test');
$db->exec(sprintf('CREATE TABLE test(id INT, myobj BLOB) ENGINE=%s',
MySQLPDOTest::getTableEngine()));
printf("Creating an object, serializing it and writing it to DB...\n");
$id = 1;
$obj = myclass::singleton('Creating object');
$myobj = serialize($obj);
$stmt = $db->prepare('INSERT INTO test(id, myobj) VALUES (?, ?)');
$stmt->bindValue(1, $id);
$stmt->bindValue(2, $myobj);
$stmt->execute();
printf("\nUnserializing the previously serialized object...\n");
var_dump(unserialize($myobj));
printf("\nUsing PDO::FETCH_CLASS|PDO::FETCH_SERIALIZE to fetch the object from DB and unserialize it...\n");
$stmt = $db->prepare('SELECT myobj FROM test');
$stmt->setFetchMode(PDO::FETCH_CLASS|PDO::FETCH_SERIALIZE, 'myclass', array('PDO shall not call __construct()'));
$stmt->execute();
var_dump($stmt->fetch());
printf("\nUsing PDO::FETCH_CLASS to fetch the object from DB and unserialize it...\n");
$stmt = $db->prepare('SELECT myobj FROM test');
$stmt->setFetchMode(PDO::FETCH_CLASS, 'myclass', array('PDO shall call __construct()'));
$stmt->execute();
var_dump($stmt->fetch());
} catch (PDOException $e) {
printf("[001] %s [%s] %s\n",
$e->getMessage(), $db->errorCode(), implode(' ', $db->errorInfo()));
}
print "done!\n";
?>
--CLEAN--
<?php
require __DIR__ . '/mysql_pdo_test.inc';
$db = MySQLPDOTest::factory();
$db->exec('DROP TABLE IF EXISTS test');
?>
--EXPECTF--
Deprecated: %s implements the Serializable interface, which is deprecated. Implement __serialize() and __unserialize() instead (or in addition, if support for old PHP versions is necessary) in %s on line %d
Creating an object, serializing it and writing it to DB...
myclass::singleton(Creating object)
myclass::__construct(Creating object)
myclass::serialize()
Unserializing the previously serialized object...
myclass::unserialize('Data from serialize')
object(myclass)#4 (1) {
["myprotected":protected]=>
string(20) "a protected property"
}
Using PDO::FETCH_CLASS|PDO::FETCH_SERIALIZE to fetch the object from DB and unserialize it...
Deprecated: PDOStatement::setFetchMode(): The PDO::FETCH_SERIALIZE mode is deprecated in %s on line %d
Deprecated: PDOStatement::fetch(): The PDO::FETCH_SERIALIZE mode is deprecated in %s on line %d
myclass::unserialize('C:7:"myclass":19:{Data from serialize}')
object(myclass)#%d (1) {
["myprotected":protected]=>
string(20) "a protected property"
}
Using PDO::FETCH_CLASS to fetch the object from DB and unserialize it...
myclass::__set(myobj, 'C:7:"myclass":19:{Data from serialize}')
myclass::__construct(PDO shall call __construct())
object(myclass)#%d (2) {
["myprotected":protected]=>
string(20) "a protected property"
["myobj"]=>
string(38) "C:7:"myclass":19:{Data from serialize}"
}
done!
|
