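How private and protected properties look after serialization
\x00 + class name + \x00 + property name -> unserialized as a private property
\x00 + * + \x00 + property name -> unserialized as a protected property
O is an object, s is a string, i is an integer
Because the property is declared private, %00 has to be added where the output shows a blank: those blanks are NUL bytes, written as %00 in a URL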
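<?php
highlight_file(__FILE__);
class user{
    // private: serialized name is \x00user\x00name2
    private $name2 = 'leo';
    // protected: serialized name is \x00*\x00age2
    protected $age2 = 19;
    public function print_data(){
        echo $this->name2 . ' is ' . $this->age2 . ' years old <br>';
    }
}
$user = new user();
$user->print_data();
// The NUL bytes in the property names are invisible when echoed
echo serialize($user);
?>
Output:
leo is 19 years old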
O:4:"user":2:{s:11:" user name2";s:3:"leo";s:7:" * age2";i:19;}
Note: O is an object, s is a string, i is an integer; the property names are really %00user%00name2 and %00*%00age2
Example: /?select=O:4:"Name":3:{s:14:"%00Name%00username";s:5:"admin";s:14:"%00Name%00password";i:100;}
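The naming rule above can be checked mechanically. The following Python sketch is an added example, not code from the original notes: it reads the property names of a flat serialized object (string and integer values only) and reports each one's visibility. The function names and the RAW/URL constants are assumptions made for the example; RAW is the serialize() output above with its NUL bytes restored, and URL is the example query value.

```python
import re
from urllib.parse import unquote_to_bytes

HEADER = re.compile(rb'O:\d+:"([^"]*)":\d+:\{')   # O:<len>:"<class>":<count>:{
STR = re.compile(rb's:(\d+):"')                    # s:<byte length>:"
INT = re.compile(rb'i:-?\d+;')                     # i:<number>;

def read_string(data, pos):
    """Read s:<n>:"<n bytes>"; at pos; return (raw bytes, next position)."""
    m = STR.match(data, pos)
    if not m:
        raise ValueError(f"expected string at offset {pos}")
    start, n = m.end(), int(m.group(1))
    if data[start + n:start + n + 2] != b'";':
        raise ValueError(f"declared length {n} does not match at offset {pos}")
    return data[start:start + n], start + n + 2

def classify(key):
    """Map a serialized property name to (visibility, declared name)."""
    if key.startswith(b"\x00") and key.count(b"\x00") >= 2:
        scope, _, name = key[1:].partition(b"\x00")
        vis = "protected" if scope == b"*" else "private"
        return vis, name.decode()
    return "public", key.decode()

def property_visibility(data):
    """Return (class name, [(visibility, name), ...]) for a flat s/i-only object."""
    m = HEADER.match(data)
    if not m:
        raise ValueError("not a serialized PHP object")
    pos, props = m.end(), []
    while data[pos:pos + 1] == b"s":
        key, pos = read_string(data, pos)
        if data[pos:pos + 1] == b"s":
            _, pos = read_string(data, pos)
        else:
            v = INT.match(data, pos)
            if not v:
                raise ValueError(f"unsupported value type at offset {pos}")
            pos = v.end()
        props.append(classify(key))
    return m.group(1).decode(), props

# Constructed inputs: the page's serialize() output with its NUL bytes restored,
# and the page's URL example before percent-decoding.
RAW = b'O:4:"user":2:{s:11:"\x00user\x00name2";s:3:"leo";s:7:"\x00*\x00age2";i:19;}'
URL = 'O:4:"Name":3:{s:14:"%00Name%00username";s:5:"admin";s:14:"%00Name%00password";i:100;}'

if __name__ == "__main__":
    print(property_visibility(RAW))
    print(property_visibility(unquote_to_bytes(URL)))
```

A copy of the output pasted with spaces instead of NUL bytes still has matching lengths, but its first property comes back as a public property literally named " user name2".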