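Serialization overview: Serialization is the process of converting an object's state into a form that can be stored or transmitted. During serialization, an object writes its current state to temporary or persistent storage. Later, the object can be recreated by reading, or deserializing, its state from that storage.
Serialization lets other code view or modify object instance data that would otherwise be inaccessible. For that reason, code that performs serialization needs a special permission: SecurityPermission with the SerializationFormatter flag specified. Under the default policy, this permission is not granted to code downloaded from the Internet or to intranet code; only code on the local computer is granted it.
Normally, all fields of an object instance are serialized, which means the data is represented in the instance's serialized data. Code that can interpret the format may therefore be able to determine the values of that data regardless of the accessibility of the member. Similarly, deserialization extracts data from the serialized representation and sets object state directly, again regardless of accessibility rules.
Any object that could contain security-sensitive data should be made non-serializable if possible. If it must be serializable, try to make the specific fields that hold sensitive data non-serializable. If that cannot be done, be aware that the data will be exposed to any code that has permission to serialize, and make sure no malicious code can obtain that permission.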
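An added example (not part of the original article) illustrating the two points above: the value of a private field still ends up in the serialized data, while a field marked [NonSerialized] does not, and state restored by deserialization has to be re-validated because the constructor is bypassed. It assumes .NET Framework, where BinaryFormatter is available; the Session type and its members are hypothetical.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;
using System.Text;

// Hypothetical type for this added example; all values are constructed.
[Serializable]
public class Session
{
    private string user;                       // private, yet written to the stream
    [NonSerialized] private string authToken;  // kept out of the stream
    public Session(string user, string authToken)
    {
        if (string.IsNullOrEmpty(user)) throw new ArgumentException("user is required");
        this.user = user;
        this.authToken = authToken;
    }
    public string AuthToken { get { return authToken; } }

    // The constructor does not run on deserialization, so re-check invariants here.
    [OnDeserialized]
    private void Validate(StreamingContext context)
    {
        if (string.IsNullOrEmpty(user)) throw new SerializationException("user is required");
    }
}

public static class Demo
{
    // Latin-1 maps bytes to chars one-to-one, so ASCII text can be searched for reliably.
    static bool StreamContains(byte[] data, string text)
    {
        return Encoding.GetEncoding("ISO-8859-1").GetString(data).Contains(text);
    }

    public static void Main()
    {
        var formatter = new BinaryFormatter();
        var ms = new MemoryStream();
        formatter.Serialize(ms, new Session("alice", "constructed-token-123"));
        byte[] bytes = ms.ToArray();
        Console.WriteLine("private 'user' value in stream: " + StreamContains(bytes, "alice"));
        Console.WriteLine("authToken value in stream: " + StreamContains(bytes, "constructed-token-123"));
        // Only bytes produced above are read back; BinaryFormatter must not be fed untrusted input.
        var copy = (Session)formatter.Deserialize(new MemoryStream(bytes));
        Console.WriteLine("authToken is null after deserialization: " + (copy.AuthToken == null));
    }
}
```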
Purpose of serialization:
Serialization is the mechanism the .NET runtime uses to support streaming of user-defined types. Its purpose is to persist custom objects in some storage form, or to transfer such objects from one place to another.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization.Formatters.Binary;

/// <summary>
/// Summary description for ClassToSerialize
/// </summary>
[Serializable]
public class ClassToSerialize
{
    public int id = 100;
    public string name = "Name";

    // Excluded from the serialized data
    [NonSerialized]
    public string Sex = "男";
}
```

The serialization and deserialization methods are as follows:

```csharp
// These methods live in an ASP.NET page's code-behind; Response is the page's HttpResponse.
public void SerializeNow()
{
    ClassToSerialize c = new ClassToSerialize();
    using (FileStream fileStream = new FileStream("c:\\temp.dat", FileMode.Create))
    {
        BinaryFormatter b = new BinaryFormatter();
        b.Serialize(fileStream, c);
    }
}

public void DeSerializeNow()
{
    ClassToSerialize c = new ClassToSerialize();
    c.Sex = "kkkk";   // replaced by the deserialized instance below
    using (FileStream fileStream = new FileStream("c:\\temp.dat", FileMode.Open, FileAccess.Read, FileShare.Read))
    {
        BinaryFormatter b = new BinaryFormatter();
        c = b.Deserialize(fileStream) as ClassToSerialize;
    }
    Response.Write(c.name);
    Response.Write(c.Sex);
}
```

Calling the two methods above shows the result of serialization: because the Sex field is marked [NonSerialized], its value is always null.

```csharp
using System;
using System.Xml.Serialization;

[Serializable]
public class Person
{
    private string name;
    public string Name
    {
        get { return name; }
        set { name = value; }
    }

    public string Sex;
    public int Age = 31;
    public Course[] Courses;

    // XmlSerializer requires a public parameterless constructor
    public Person()
    {
    }

    public Person(string Name)
    {
        name = Name;
        Sex = "男";
    }
}

[Serializable]
public class Course
{
    public string Name;

    // Excluded from the XML output
    [XmlIgnore]
    public string Description;

    public Course()
    {
    }

    public Course(string name, string description)
    {
        Name = name;
        Description = description;
    }
}
```
Serialization and deserialization methods:

```csharp
public void XMLSerialize()
{
    Person c = new Person("cyj");
    c.Courses = new Course[2];
    c.Courses[0] = new Course("英语", "交流工具");
    c.Courses[1] = new Course("数学", "自然科学");
    XmlSerializer xs = new XmlSerializer(typeof(Person));
    using (Stream stream = new FileStream("c:\\cyj.XML", FileMode.Create, FileAccess.Write, FileShare.Read))
    {
        xs.Serialize(stream, c);
    }
}

public void XMLDeserialize()
{
    XmlSerializer xs = new XmlSerializer(typeof(Person));
    Person p;
    using (Stream stream = new FileStream("C:\\cyj.XML", FileMode.Open, FileAccess.Read, FileShare.Read))
    {
        p = xs.Deserialize(stream) as Person;
    }
    Response.Write(p.Name);
    Response.Write(p.Age.ToString());
    Response.Write(p.Courses[0].Name);
    Response.Write(p.Courses[0].Description);
    Response.Write(p.Courses[1].Name);
    Response.Write(p.Courses[1].Description);
}
```

Here the Description member of the Course class will always be null after deserialization, and the generated XML document does not contain that node, as shown below. (The listing as reproduced here still shows <Description> elements, which is the output produced without [XmlIgnore]; with the attribute applied, XmlSerializer omits them.)

```xml
<?xml version="1.0"?>
<Person xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <Sex>男</Sex>
  <Age>31</Age>
  <Courses>
    <Course>
      <Name>英语</Name>
      <Description>交流工具</Description>
    </Course>
    <Course>
      <Name>数学</Name>
      <Description>自然科学</Description>
    </Course>
  </Courses>
  <Name>cyj</Name>
</Person>
```

4. Custom serialization

```csharp
using System;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;

/// <summary>
/// Summary description for Employee
/// </summary>
[Serializable]
public class Employee : ISerializable
{
    public int EmpId = 100;
    public string EmpName = "刘德华";

    [NonSerialized]
    public string NoSerialString = "NoSerialString-Test";

    public Employee()
    {
        //
        // TODO: add constructor logic here
        //
    }

    // Called by the formatter during deserialization
    private Employee(SerializationInfo info, StreamingContext ctxt)
    {
        EmpId = (int)info.GetValue("EmployeeId", typeof(int));
        EmpName = (String)info.GetValue("EmployeeName", typeof(string));
        //NoSerialString = (String)info.GetValue("EmployeeString", typeof(string));
    }

    // Called by the formatter during serialization; only the values added here are written
    public void GetObjectData(SerializationInfo info, StreamingContext ctxt)
    {
        info.AddValue("EmployeeId", EmpId);
        info.AddValue("EmployeeName", EmpName);
        //info.AddValue("EmployeeString", NoSerialString);
    }
}
```

Serialization and deserialization methods:

```csharp
public void OtherEmployeeClassTest()
{
    Employee mp = new Employee();
    mp.EmpId = 10;
    mp.EmpName = "邱枫";
    mp.NoSerialString = "你好呀";

    // Serialize
    Response.Write("Writing Employee Info:");
    using (Stream stream = File.Open("c:\\temp3.dat", FileMode.Create))
    {
        BinaryFormatter bf = new BinaryFormatter();
        bf.Serialize(stream, mp);
    }
    mp = null;

    // Deserialize
    Response.Write("Reading Employee Info:");
    Employee mp2;
    using (Stream stream2 = File.Open("c:\\temp3.dat", FileMode.Open))
    {
        BinaryFormatter bf2 = new BinaryFormatter();
        mp2 = (Employee)bf2.Deserialize(stream2);
    }
    Response.Write(mp2.EmpId);
    Response.Write(mp2.EmpName);
    Response.Write(mp2.NoSerialString);
}
```

PS: This article is a personal study summary; parts of it draw on related articles from the internet. If you find anything in it that is mistaken or missing, please let me know in the comments. Discussion is welcome.

Source link: http://www.cnblogs.com/qqflying/archive/2008/01/13/1037262.html