Serialization in PHP

Serialization in PHP

Serialize — Generates a storable representation of a value


string serialize ( mixed $value )

  • Generates a storable representation of a value.
  • This is useful for storing or passing PHP values around without losing their type and structure.
  • To make the serialized string into a PHP value again, use unserialize().



The value to be serialized. serialize() handles all types except the resource type. You can even serialize() arrays that contain references to themselves. Circular references inside the array/object you are serializing will also be stored. Any other reference will be lost.

When serializing objects, PHP will attempt to call the member function _sleep() prior to serialization. This is to allow the object to do any last-minute clean-up, etc., prior to being serialized. Likewise, when the object is restored using unserialize(), the _wakeup() member function is called.

Note: Object's private members have the class name prepended to the member name; protected members have a '*' prepended to the member name. These prepended values have null bytes on either side.

Return Values :

  • Returns a string containing a byte-stream representation of value that can be stored anywhere.
  • Note that this is a binary string that may include null bytes and needs to be stored and handled as such. For example, serialize() output should generally be stored in a BLOB field in a database rather than a CHAR or TEXT field.


/* $session_data contains a multi-dimensional array with session
information for the current user. We use serialize() to store
it in a database at the end of the request. */
$conn = odbc_connect("webdb", "php", "chicken");
$stmt = odbc_prepare($conn,
"UPDATE sessions SET data = ? WHERE id = ?");
$sqldata = array (serialize($session_data), $_SERVER['PHP_AUTH_USER']);
if (!odbc_execute($stmt, $sqldata)) {
$stmt = odbc_prepare($conn,
"INSERT INTO sessions (id, data) VALUES(?, ?)");
if (!odbc_execute($stmt, $sqldata)) {
/* Something went wrong.. */

Note: Note that many built-in PHP objects cannot be serialized. However, those with this ability either implement the Serializable interface or the magic __sleep() and __wakeup() methods. If an internal class does not fulfill any of those requirements, it cannot reliably be serialized. There are some historical exceptions to the above rule, where some internal objects could be serialized without implementing the interface or exposing the methods. Notably, the ArrayObject prior to PHP 5.2.0.