Comparing serialize() and var_export() (2)

Date 2008-11-12 04:08:39 | Category: PHP


A) security

You may feel that using eval() is dangerous.
Of course, you should not unserialize requested text.
However, you cannot use unserialize() on requested text either.

B) speed

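A script for verification.

#!/usr/local/bin/(php-cli binaries)
<?php

// Current time in seconds, with the microseconds as the fractional part
function getmicrotime() {
        list($usec, $sec) = explode(" ",microtime());
        return ((float)$sec + (float)$usec);
}

// Inverse of var_export( $data , true ): evaluate the exported text as PHP
function var_import( $data ) {
        eval( '$ret='.$data.';' ) ;
        return $ret ;
}

$data = array( /* big array */ ) ;

// Number of iterations, taken from the first command-line argument
$count = (int)$_SERVER['argv'][1] ;

$time_start = getmicrotime();

for( $i = 0 ; $i < $count ; $i ++ ) {
        // Both pairs run in this loop; comment one pair out to time the other on its own
        $serialized_data = serialize( $data ) ;
        $restored_data = unserialize( $serialized_data ) ;
        $serialized_data = var_export( $data , true ) ;
        $restored_data = var_import( $serialized_data ) ;
}

$time_end = getmicrotime() ;
echo $time_end - $time_start , "sec. \n" ;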

# 100 (blue)
# 100 (red)

serialize()/unserialize() is 3-4 times faster than var_export()/eval().
This result is independent of the PHP version.

But you should check the absolute values.
Serialization is not such a costly process.
So I can say this is a negligible cost.

C) usability

var_export()/eval() sweeps this category.

var_export()/eval() is free from encoding troubles.
And you can edit the serialized text as you like.
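
Both points follow from serialize() writing each string's byte length into its output (s:5:"..."), so any change to the stored bytes invalidates the record, while var_export() text carries no lengths. The following is an added example, not code from the original post; the sample data and the to_latin1() helper are constructed for illustration.

```php
<?php
// Added example, not code from the original post. All sample values are constructed.

// Same idea as the post's var_import(); only for text your own code produced.
function var_import($text) {
    return eval('return ' . $text . ';');
}

// Stand-in for a charset conversion of the stored text:
// UTF-8 "é" (2 bytes) becomes ISO-8859-1 "é" (1 byte).
function to_latin1($text) {
    return str_replace("\xC3\xA9", "\xE9", $text);
}

// "café" in UTF-8 is 5 bytes, so serialize() records it as s:5:"..."
$data = array('name' => "caf\xC3\xA9", 'owner' => 'alice');

$stored = array(
    'serialize'  => serialize($data),
    'var_export' => var_export($data, true),
);

foreach ($stored as $format => $text) {
    $restore = ($format === 'serialize') ? 'unserialize' : 'var_import';

    // Case 1: the stored text is converted to another encoding.
    // The string gets shorter, but a serialize() length prefix still says 5.
    $converted = @$restore(to_latin1($text));

    // Case 2: a value is edited by hand in the stored text.
    // 'alice' (5 bytes) becomes 'bob' (3 bytes) under the same prefix.
    $edited = @$restore(str_replace('alice', 'bob', $text));

    printf("%-10s converted: %s, edited: %s\n", $format,
        is_array($converted) ? 'ok' : 'FAILED',
        is_array($edited) ? 'ok' : 'FAILED');
}
```

unserialize() returns false in both cases because the recorded lengths no longer match the bytes; var_import() restores the array both times.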

D) conclusion

Here is a criterion for choosing between them.

serialize() : redundant data / a lot of arrays
var_export() : primary data / few arrays

E) digression

I will use var_export()/eval() in my work.
pico in my development tree has already been modified accordingly.

You can read more news at PEAK XOOPS.
