PHP 7.1.0 Released

Object Serialization

Serializing objects - objects in sessions

serialize() returns a string containing a byte-stream representation of any value that can be stored in PHP. unserialize() can use this string to recreate the original variable values. Using serialize to save an object will save all variables in an object. The methods in an object will not be saved, only the name of the class.

In order to be able to unserialize() an object, the class of that object needs to be defined. That is, if you have an object of class A and serialize this, you'll get a string that refers to class A and contains all values of variables contained in it. If you want to be able to unserialize this in another file, an object of class A, the definition of class A must be present in that file first. This can be done for example by storing the class definition of class A in an include file and including this file or making use of the spl_autoload_register() function.

<?php
// classa.inc:
  
  
class {
      public 
$one 1;
    
      public function 
show_one() {
          echo 
$this->one;
      }
  }
  
// page1.php:

  
include("classa.inc");
  
  
$a = new A;
  
$s serialize($a);
  
// store $s somewhere where page2.php can find it.
  
file_put_contents('store'$s);

// page2.php:
  
  // this is needed for the unserialize to work properly.
  
include("classa.inc");

  
$s file_get_contents('store');
  
$a unserialize($s);

  
// now use the function show_one() of the $a object.  
  
$a->show_one();
?>

If an application is using sessions and uses session_register() to register objects, these objects are serialized automatically at the end of each PHP page, and are unserialized automatically on each of the following pages. This means that these objects can show up on any of the application's pages once they become part of the session. However, the session_register() is removed since PHP 5.4.0.

It is strongly recommended that if an application serializes objects, for use later in the application, that the application includes the class definition for that object throughout the application. Not doing so might result in an object being unserialized without a class definition, which will result in PHP giving the object a class of __PHP_Incomplete_Class_Name, which has no methods and would render the object useless.

So if in the example above $a became part of a session by running session_register("a"), you should include the file classa.inc on all of your pages, not only page1.php and page2.php.

add a note add a note

User Contributed Notes 3 notes

up
130
php at lanar dot com dot au
7 years ago
Note that static members of an object are not serialized.
up
14
michael at smith-li dot com
1 year ago
Reading this page you'd be left with the impression that a class's `serialize` and `unserialize` methods are unrelated to the `serialize` and `unserialize` core functions; that only `__sleep` and `__unsleep` allow you to customize an object's serialization interface. But look at http://php.net/manual/en/class.serializable.php and you'll see that there is a more straightforward way to control how a user-defined object is serialized and unserialized.
up
-10
Harshwardhan (iamsmart9900 at gmail dot com)
1 year ago
class UnSerializer {

    public function __construct($filename_with_path) { /* Input the Filename  */
        $this->filename = $filename_with_path;
        if ($this->filename == true) {
            return true;
        } else {
            echo 'File Name Error';
        }
    }

    public function check_file_validity() {
        $this->validity = file_exists($this->filename);
        if ($this->validity == true) {
            return true;
        } else {
            echo 'File Not Found !';
        }
    }

    public function getting_file_content() {
        if ($this->validity == true) {
            $this->content = file_get_contents($this->filename);
            if ($this->content == true) {
                return true;
            } else {
                echo 'We Can\'t Reach to the Data';
            }
        } else {
            echo 'File Not Found !';
        }
    }

    public function get_unserial_data() {
        $this->check_file_validity();
        $this->getting_file_content();
        if (!is_null($this->content)) {
            $this->unserializedval = unserialize($this->content);
            if ($this->unserializedval == true) {
                return true;
            }
        } else {
            echo 'We Can\'t Reach to the Data';
        }
    }

    public function get_unserialized_value() {
        return $this->unserializedval;
    }

}

$object = new UnSerializer('example_directory/filename'); /* Enter file name */
$object->get_unserial_data();
var_dump($object->get_unserialized_value());
To Top