igbinary_unserialize
(PECL igbinary >= 1.1.1)
igbinary_unserialize — Creates a PHP value from a stored representation from igbinary_serialize()
Description
igbinary_unserialize() takes a single serialized variable from igbinary_serialize() and converts it back into a PHP value.
Untrusted user input must not be passed to igbinary_unserialize(). Unserialization can result in code being loaded and executed due to object instantiation and autoloading, and a malicious user may be able to exploit this. Instead a safe, standard data interchange format such as JSON (via json_decode() and json_encode()) should be used, if serialized data needs to be passed to a client.
If there is the need to unserialize externally-stored serialized data, hash_hmac() can be used for data validation. It is important to ensure that nobody has tampered with the data.
The igbinary serialization format does not provide a way to distinguish between different reference groups for the same value. All PHP references to a given value as treated as part of the same reference group when unserialized, even if they were parts of difference reference groups when serialized.
Parameters
-
str -
The serialized string generated by igbinary_serialize().
If the value being unserialized is an object, after successfully reconstructing the object igbinary will automatically attempt to call the __unserialize() or __wakeup() methods (if one exists).
Note: unserialize_callback_func directive
It is possible to set a callback function which will be called, if an undefined class should be instantiated during unserializing. (to prevent getting an incomplete object
__PHP_Incomplete_Class.) The php.ini, ini_set() or .htaccess can be used to define unserialize_callback_func. Everytime an undefined class should be instantiated, it will be called. To disable this feature this setting should be emptied.
Return Values
The converted value is returned, and can be a bool, int, float, string, array, object, or null.
In case the passed string is not unserializeable, false is returned and
E_NOTICE or E_WARNING is issued.
Errors/Exceptions
Objects may throw Throwables in their unserialization handlers.
Notes
null or false is returned both in the case of an error and if unserializing
the serialized null or false value. It is possible to catch this special case by
comparing str with
igbinary_serialize(null) or igbinary_serialize(false)
or by catching the issued E_NOTICE.
See Also
- unserialize() - Creates a PHP value from a stored representation
- json_encode() - Returns the JSON representation of a value
- json_decode() - Decodes a JSON string
- hash_hmac() - Generate a keyed hash value using the HMAC method
- igbinary_serialize() - Generates a compact, storable binary representation of a value
- Autoloading Classes
- unserialize_callback_func
- __wakeup()
- __serialize()
- __unserialize()
