serialize() and unserialize() in PHP

In PHP, complex data like arrays or objects can’t be stored easily. If you want to keep or use this data across different parts of your script or even after the script ends, the serialize() and unserialize() functions are very helpful.

The serialize() function turns complex data into a string format that PHP can handle. Then, when you need to use that data again, you can use the unserialize() function to turn it back into its original form. This process helps you store and retrieve complex data in a way PHP understands.

PHP serialize() Function

Serialization is the process of converting a PHP value (such as an array or object) into a storable format. This format is typically a string that represents the original data in a specific structure, which can later be deserialized (converted back to its original form). Serialization is useful when:

• You need to store PHP data in databases or files.
• You want to send PHP data over a network (for example, in HTTP requests or API responses).
• You need to store session data on a server.

Syntax

string serialize ( mixed $value )

• $value: The PHP variable (array, object, or scalar) that you want to serialize.

Return Value:

• The function returns a string representing the serialized form of the PHP variable.

Now, let us understand with the help of the example:

<?php
$array = array('apple', 'banana', 'cherry');
$serializedArray = serialize($array);
echo $serializedArray;
?>

a:3:{i:0;s:5:"apple";i:1;s:6:"banana";i:2;s:6:"cherry";}

In this example, an array of fruits is serialized into a string. This string can be stored in a file or database and can be unserialized back into an array later.

PHP unserialize() Function

Unserialization is the reverse process of serialization. It involves taking a serialized string and converting it back into a PHP value (such as an array or object). The unserialize() function is used for this purpose.

Syntax

mixed unserialize ( string $data , array $options = [ ] )

• $data: The serialized string that you want to unserialize.
• $options: An optional array that can contain options like specifying classes to be used during the unserialization process.

Return Value:

• The function returns the PHP value that was originally serialized, which can be an array, object, or any other PHP type.

Now, let us understand with the help of the example:

<?php
$serializedArray = 'a:3:{i:0;s:5:"apple";i:1;s:6:"banana";i:2;s:6:"cherry";}';
$array = unserialize($serializedArray);
print_r($array);
?>

Array
(
    [0] => apple
    [1] => banana
    [2] => cherry
)

Conclusion

The serialize() and unserialize() functions are important in PHP for storing and transferring complex data structures. However, you should always ensure data safety by limiting the scope of unserialization and using it carefully in your application. For simple data, or when working with cross-platform systems, alternatives like JSON might be better choices.