Updated April 5, 2023
Introduction to PHP unserialize
PHP unserialize() is a function that converts serialized data back into the original user input data; it is the opposite of the serialize() function. It is mainly used with arrays, mapped collections and other large or complex data structures, restoring the array index of each element. unserialize() returns the Boolean value false if the input is not unserializable. For serialized objects, unserialize() creates a separate object.
Syntax:
PHP has its own syntax for variables, keywords, and functions, which makes it possible to build more sophisticated web-based applications. The PHP serialization format itself is not as well documented as the serialize() function; it supports serialized integers, floats, booleans, strings, arrays and objects, and it includes references, which the unserialize implementation also supports.
<?php
$input= array('','');
$var = serialize($input);
$var1 = unserialize($var);
// ... further PHP code based on the user's needs ...
?>
The code above shows the basic syntax for using the serialize() and unserialize() functions in PHP. They support all the data types and other default functions.
How unserialize Function Work in PHP?
The unserialize() function depends on the serialize() function: whatever data is passed to serialize() is fully serialized together with its keys. To access that data again, we have to deserialize (unserialize) it in the code; only then can it be used. The same approach is used when storing data in files. unserialize() returns the Boolean false when it fails. Unserializing objects from what we can call untrusted data has to be secured and protected, so that malware and viruses from outside the machine are kept out; the same applies to code injection and, at the database end, SQL injection attacks from untrusted sites.
Generally, the unserialize() function takes two parameters, str and options. str contains the serialized string waiting to be deserialized. options is an array that controls certain function behaviors; its allowed_classes key makes the function accept only the specified class names. Classes of serialized objects can implement magic methods such as __wakeup() and __destruct(); these are executed automatically: __wakeup() when unserialize() restores the object, and __destruct() when the restored object is destroyed.
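The behaviour described above, as an added example that is not code from the original article: it shows that __wakeup() runs during a default unserialize(), that allowed_classes turns every class not listed into __PHP_Incomplete_Class, and how to tell a failed call from a serialized false. The classes Session and AdminSession and the helper decode_untrusted() are hypothetical, and the input strings are constructed; PHP 7.0 or later is assumed.

```php
<?php
// Constructed example class: __wakeup() only records that it ran.
class Session {
    public $user = 'guest';
    public static $wakeups = 0;
    public function __wakeup() { self::$wakeups++; }
}
class AdminSession extends Session {}

// Constructed inputs standing in for strings received from outside.
$plain   = serialize(['user' => 'siva', 'visits' => 3]);
$object  = serialize(new Session());
$subtype = serialize(new AdminSession());

// 1. No options: any loaded class is instantiated and __wakeup() runs.
$a = unserialize($object);
printf("default: %s, wakeups=%d\n", get_class($a), Session::$wakeups);

// 2. allowed_classes => false: scalars and arrays are restored, objects are not.
$b = unserialize($plain, ['allowed_classes' => false]);
$c = unserialize($object, ['allowed_classes' => false]);
printf("no classes: array ok=%s, object=%s, wakeups=%d\n",
    var_export($b['user'] === 'siva', true), get_class($c), Session::$wakeups);

// 3. An explicit list matches exact class names; a subclass is not implied.
$d = unserialize($subtype, ['allowed_classes' => ['Session']]);
printf("list: %s\n", get_class($d));

// 4. false signals failure, but it is also the value of serialize(false).
function decode_untrusted(string $data) {
    $value = @unserialize($data, ['allowed_classes' => false]);
    if ($value === false && $data !== serialize(false)) {
        throw new UnexpectedValueException('input is not unserializable');
    }
    return $value;
}
var_dump(decode_untrusted('b:0;'));   // the serialized value false, not an error
try {
    decode_untrusted('not-serialized');
} catch (UnexpectedValueException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```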
Examples of PHP unserialize
Given below are the examples of PHP unserialize:
Example #1
Code:
<?php
$inputs = serialize(array('Siva', 'Raman', 'Sivaraman', 'wdigb', 'dwiugv', '87dhg', 'wdhgv', 'edhgfv', 'hfe', 'wgieufv', 'ehoije', 'iwuoegf', 'wuieguv','jdgv', 'wqgdjf', 'khwdjgh','jdhfdkswi', 'uqiwuke', 'iqweyf', 'oiuqiwleyugu' ));
echo $inputs . '<br>';
$vars = unserialize($inputs);
var_dump ($vars);
// echo cannot print an array directly, so join the elements first
echo implode(', ', $vars);
?>
Output:
In the above example, we used the serialize() and unserialize() functions in the same code. Whenever the user gives input to the application, it is stored in a separate variable in serialized form and printed on the console with an echo statement. We then unserialize the data with the unserialize() function, store the result in a separate variable, and print it with echo as well. To print results on the console we can use default methods such as print and echo, which are commonly used in PHP scripts.
Example #2
Code:
<?php
class demo {
public $vars;
}
class demo1 {
public $vars1;
}
class demo2 extends demo {
public $vars2, $vars3;
}
class demo3 extends demo2{
public $vars4;
}
class demo4 extends demo3 {
public $vars5;
}
class demo5 extends demo4 {
public $vars6;
}
class demo6 extends demo5{
public $vars7;
}
class demo7 extends demo6 {
public $vars8,$vars9, $vars10;
}
$c1 = new demo();
$c1->vars = 1234;
$c3 = new demo2();
$c3->vars2 = "Siva";
$c2 = new demo1();
$c2->vars1 = 2756876;
$d1 = serialize($c1);
$d2 = serialize($c2);
$d5 = serialize($c3);
$d3 = unserialize($d1, ["allowed_classes" => true]);
$d6 = unserialize($d5, ["allowed_classes" => true]);
$d4 = unserialize($d2, ["allowed_classes" => ["demo", "demo1"]]);
$d7 = unserialize($d5, ["allowed_classes" => ["demo", "demo1", "demo2"]]);
echo "Welcome To My Domain is: " . $d3->vars, $d6 ->vars2;
echo "<br />";
echo "Result of demo1 d3 member is: " . $d4->vars1;
echo "<br/>";
echo "Result of demo2 d7 member is: " . $d7->vars2;
?>
Output:
In the second example, we used the same serialize and unserialize concepts, but this time with classes. The classes are in parent-child relationships, and each class has its own variables with the public access modifier so that they can be used outside the class; through the objects we can initialise the values of these variables. The objects are serialized and stored in separate variables; after that, we deserialize the values and store them separately. We can add any number of variables with individual values for serializing and unserializing the data. We used allowed_classes to validate the serialized data in the code.
Example #3
Code:
<?php
class demo
{
public $vars;
}
$vars1= new demo();
$vars1->vars= "siva";
$vars2= serialize($vars1);
echo "Welcome To My Domain<br> '$vars2'";
echo "<br><br>";
$vars3= unserialize($vars2);
echo "Have a Nice Day <br>";
// var_dump() prints its argument itself and returns nothing, so no echo is needed
var_dump($vars3);
echo "<br> <br>";
echo "Thank you users your net result is shown " . $vars3->vars;
?>
Output:
In the final example, we used both the serialize and unserialize functions, with key-value pairs used to unserialize arrays and objects in PHP. We used one variable with the value “Siva”; the object holding it is serialized into a plain text string and then converted back into the object when the value is unserialized.
Conclusion
In PHP, we use default functions, variables and keywords to make web applications user-friendly. In the same way, default classes and methods can be used to build more advanced techniques into web-based applications; serialize() and unserialize() are such techniques, used for storing and retrieving data more securely.