首先定义类和对象,然后输出序列化和反序列化结果看看这是个什么东西
class Stu{
public $name;
public $age;
public $sex;
public $score;
}
$stu1 = new Stu();
$stu1->name = "order";
$stu1->age = 22;
$stu1->sex = true;
var_dump($stu1);
print("
");
$a=serialize($stu1);
echo $a;
print("
");
$b=unserialize($a);
var_dump($b);
?>
输出结果如图
class Stu{
public $name;
public $age;
public $sex;
public $score;
public function __wakeup(){
if(@$_GET['cmd']=="order"){
system("calc");
}
}
}
$stu1 = new Stu();
$stu1->name = "order";
$stu1->age = 22;
$stu1->sex = true;
// var_dump($stu1);
// print("
");
$a=serialize($stu1);
// echo $a;
print("
");
$b=unserialize($a);
// var_dump($b);
?>
一片空白
传参执行过后即可实现代码执行