serialize

(PHP 4, PHP 5, PHP 7, PHP 8)

serialize — Genera una representación almacenable de un valor

Descripción

serialize(mixed $value): string

Devuelve un array en forma de string.

Es una técnica útil para almacenar o pasar valores PHP entre scripts sin perder su estructura ni su tipo.

Para recuperar una variable serializada y obtener un valor PHP, se debe utilizar unserialize().

Parámetros

value

El valor a serializar. serialize() acepta todos los tipos excepto los recursos recurso y ciertos objects (ver nota a continuación). Asimismo, es posible serializar un array que contenga referencias a sí mismo. Las referencias cíclicas en arrays/objetos también serán almacenadas. Todas las demás referencias se perderán.

Al serializar un objeto, PHP intentará llamar a las funciones miembro __serialize() o __sleep() antes de serializar. Esto permite al objeto realizar una última limpieza, etc. antes de ser serializado. De manera similar, cuando el objeto es restaurado utilizando unserialize(), se llama a la función miembro __unserialize() o __wakeup().

Nota:
Los atributos privados de un objeto tendrán el nombre de la clase prefijado al nombre del atributo; los atributos protegidos serán prefijados con un asterisco '*'. Estos valores prefijados tienen caracteres nulos a ambos lados.

Valores devueltos

Devuelve un string que contiene una representación en forma de flujo de bytes que puede ser almacenada en cualquier lugar.

Cabe señalar que se trata de una cadena binaria que puede incluir bytes nulos, y por lo tanto debe ser almacenada y gestionada como tal. Por ejemplo, la salida de serialize() generalmente debe ser almacenada en un campo de tipo BLOB de una base de datos, en lugar de en un campo de tipo CHAR o TEXT.

Ejemplos

Ejemplo #1 Ejemplo con serialize()

<?php
// $session_data contiene un array multidimensional, con la información de sesión del usuario actual. Se utiliza serialize() para almacenarlos en una base de datos

$conn = odbc_connect("webdb", "php", "chicken");
$stmt = odbc_prepare($conn,
      "UPDATE sessions SET data = ? WHERE id = ?");
$sqldata = array (serialize($session_data), $_SERVER['PHP_AUTH_USER']);
if (!odbc_execute($stmt, $sqldata)) {
    $stmt = odbc_prepare($conn,
     "INSERT INTO sessions (id, data) VALUES(?, ?)");
    if (!odbc_execute($stmt, array_reverse($sqldata))) {
        /* ¡Ha ocurrido un problema! */
    }
}
?>

Notas

Nota:
Cabe señalar que muchos objetos internos de PHP no pueden ser serializados. Sin embargo, aquellos que pueden implementan ya sea la interfaz Serializable o los métodos mágicos __serialize()/__unserialize() o __sleep()/__wakeup(). Si una clase interna no cumple ninguna de estas condiciones, no puede ser serializada de manera confiable.

Existen excepciones históricas a esta regla, donde los objetos internos pueden ser serializados aunque no implementen la interfaz o expongan los métodos mágicos previstos para este efecto.

Advertencia

Cuando la función serialize() serializa objetos, la barra invertida final no está incluida en el espacio de nombres del nombre de la clase, y esto es para una máxima compatibilidad.

Ver también

unserialize() - Crea una variable PHP a partir de un valor serializado
var_export() - Devuelve el código PHP utilizado para generar una variable
json_encode() - Retorna la representación JSON de un valor
Serializing Objects
__sleep()
__wakeup()
__serialize()
__unserialize()

Found A Problem?

Learn How To Improve This Page • Submit a Pull Request • Report a Bug

＋add a note

User Contributed Notes 7 notes

down

372

egingell at sisna dot com ¶

19 years ago

<?
/*
Anatomy of a serialize()'ed value:

 String
 s:size:value;

 Integer
 i:value;

 Boolean
 b:value; (does not store "true" or "false", does store '1' or '0')

 Null
 N;

 Array
 a:size:{key definition;value definition;(repeated per element)}

 Object
 O:strlen(object name):object name:object size:{s:strlen(property name):property name:property definition;(repeated per property)}

 String values are always in double quotes
 Array keys are always integers or strings
    "null => 'value'" equates to 's:0:"";s:5:"value";',
    "true => 'value'" equates to 'i:1;s:5:"value";',
    "false => 'value'" equates to 'i:0;s:5:"value";',
    "array(whatever the contents) => 'value'" equates to an "illegal offset type" warning because you can't use an
    array as a key; however, if you use a variable containing an array as a key, it will equate to 's:5:"Array";s:5:"value";',
     and
    attempting to use an object as a key will result in the same behavior as using an array will.
*/
?>

down

287

Anonymous ¶

13 years ago

Please! please! please! DO NOT serialize data and place it into your database. Serialize can be used that way, but that's missing the point of a relational database and the datatypes inherent in your database engine. Doing this makes data in your database non-portable, difficult to read, and can complicate queries. If you want your application to be portable to other languages, like let's say you find that you want to use Java for some portion of your app that it makes sense to use Java in, serialization will become a pain in the buttocks. You should always be able to query and modify data in the database without using a third party intermediary tool to manipulate data to be inserted. 

I've encountered this too many times in my career, it makes for difficult to maintain code, code with portability issues, and data that is it more difficult to migrate to other RDMS systems, new schema, etc. It also has the added disadvantage of making it messy to search your database based on one of the fields that you've serialized. 

That's not to say serialize() is useless. It's not... A good place to use it may be a cache file that contains the result of a data intensive operation, for instance. There are tons of others... Just don't abuse serialize because the next guy who comes along will have a maintenance or migration nightmare.

down

mark at bvits dot co dot uk ¶

2 years ago

There is a type not mentioned in the user notes so far, 'E'.  This is the newer Enum class that can be utilised:

login_security|E:25:"Permission:manageClient"

down

MC_Gurk at gmx dot net ¶

19 years ago

If you are going to serialie an object which contains references to other objects you want to serialize some time later, these references will be lost when the object is unserialized.
The references can only be kept if all of your objects are serialized at once.
That means:

$a = new ClassA(); 
$b = new ClassB($a); //$b containes a reference to $a;

$s1=serialize($a);
$s2=serialize($b);

$a=unserialize($s1);
$b=unserialize($s2);

now b references to an object of ClassA which is not $a. $a is another object of Class A.

use this:
$buf[0]=$a;
$buf[1]=$b;
$s=serialize($buf);
$buf=unserialize($s);
$a=$buf[0];
$b=$buf[1];

all references are intact.

down

nh at ngin dot de ¶

12 years ago

Serializing floating point numbers leads to weird precision offset errors:

<?php

echo round(96.670000000000002, 2);
// 96.67

echo serialize(round(96.670000000000002, 2));
// d:96.670000000000002;

echo serialize(96.67);
// d:96.670000000000002;

?>

Not only is this wrong, but it adds a lot of unnecessary bulk to serialized data. Probably better to use json_encode() instead (which apparently is faster than serialize(), anyway).

down

Andrew B ¶

12 years ago

When you serialize an array the internal pointer will not be preserved. Apparently this is the expected behavior but was a bit of a gotcha moment for me. Copy and paste example below.



<?php

//Internal Pointer will be 2 once variables have been assigned.

$array = array();

$array[] = 1;

$array[] = 2;

$array[] = 3;



//Unset variables. Internal pointer will still be at 2.     

unset($array[0]);

unset($array[1]);

unset($array[2]);



//Serialize

$serializeArray = serialize($array);



//Unserialize

$array = unserialize($serializeArray);



//Add a new element to the array

//If the internal pointer was preserved, the new array key should be 3.

//Instead the internal pointer has been reset, and the new array key is 0.

$array[] = 4;



//Expected Key - 3

//Actual Key - 0

echo "<pre>" , print_r($array, 1) , "</pre>";

?>

down

frost at easycast dot ru ¶

11 years ago

Closures cannot be serialized:
<?php
$func = function () {echo 'hello!';};
$func(); // prints "hello!"

$result = serialize($func);  // Fatal error: Uncaught exception 'Exception' with message 'Serialization of 'Closure' is not allowed' 
?>

＋add a note