Structure of a Serialized PHP string

The basic structure is as follows:

Scalar types:

  1. Booleans are serialized as:

    b:<i>;
    

    where <i> is an integer with a value of either 0 (false) or 1 (true).

  2. Integers are serialized as:

    i:<i>;
    

    where <i> is the integer value.

  3. Floats are serialized as (with d meaning double):

    d:<f>;
    

    where <f> is the float value.

  4. Strings are serialized as:

    s:<i>:"<s>";
    

    where <i> is an integer representing the string length of <s>, and <s> is the string value.

Special types:

  1. null is simply serialized as:

    N;
    

Compound types:

  1. Arrays are serialized as:

    a:<i>:{<elements>}
    

    where <i> is an integer representing the number of elements in the array, and <elements> is zero or more serialized key-value pairs:

    <key><value>
    

    where <key> represents a serialized scalar type, and <value> any value that is serializable.

  2. Objects are serialized as:

    O:<i>:"<s>":<i>:{<properties>}
    

    where the first <i> is an integer representing the string length of <s>, and <s> is the fully qualified class name (class name prepended with full namespace). The second <i> is an integer representing the number of object properties. <properties> are zero or more serialized name value pairs:

    <name><value>
    

    where <name> is a serialized string representing the property name, and <value> any value that is serializable.

    There’s a catch with <name> though:

    <name> is represented as

    s:<i>:"<s>";
    

    where <i> is an integer representing the string length of <s>. But the value of <s> differs per visibility of the property:

    a. With public properties <s> is the simple name of the property.

    b. With protected properties, however, <s> is the simple name of the property, prepended with \0*\0 — an asterisk, enclosed in two NUL characters (i.e. chr(0)).

    c. And with private properties, <s> is the simple name of the property, prepended with \0<class>\0, i.e. <class> enclosed in two NUL characters, where <class> is the fully qualified class name.


There are a few other cases, such as R:<i>;, which represents references, that I haven’t mentioned here (because I honestly haven’t figured out the exact workings of it yet), but this should give you a decent idea about PHP’s serializing mechanism.
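
As an added example (not code from the original post), here is a minimal Python parser for the grammar described above, run over a constructed serialized object of a hypothetical class App\User. It treats each declared string length as a byte count, rejects input where that count does not match the content, decodes property visibility from the NUL-prefixed names, and refuses tags not covered above (such as R:).

```python
SAMPLE = (b'O:8:"App\\User":3:{s:4:"name";s:3:"bob";'   # constructed input
          b's:7:"\x00*\x00role";s:5:"admin";s:12:"\x00App\\User\x00id";i:7;}')

def _read_len(data, pos):
    """Read '<i>:' at pos; return (int, index just past the colon)."""
    end = data.index(b":", pos)
    return int(data[pos:end]), end + 1

def _read_str(data, pos):
    """Read '<i>:"<s>"' at pos; <i> counts bytes, not characters."""
    n, pos = _read_len(data, pos)
    if data[pos:pos + 1] != b'"' or data[pos + 1 + n:pos + 2 + n] != b'"':
        raise ValueError("declared string length does not match content")
    return data[pos + 1:pos + 1 + n], pos + 2 + n

def prop_name(raw):
    """Decode a property-name string into (visibility, simple name)."""
    if raw.startswith(b"\x00*\x00"):
        return "protected", raw[3:].decode()
    if raw.startswith(b"\x00"):
        _cls, name = raw[1:].split(b"\x00", 1)   # \0<class>\0<name>
        return "private", name.decode()
    return "public", raw.decode()

def parse(data, pos=0):
    """Parse one value at pos; return (value, index of the next value)."""
    tag, pos = data[pos:pos + 1], pos + 2           # skip '<tag>:' or 'N;'
    if tag == b"N":
        return None, pos
    if tag in (b"b", b"i", b"d"):
        end = data.index(b";", pos)
        conv = {b"b": lambda r: r == b"1", b"i": int, b"d": float}[tag]
        return conv(data[pos:end]), end + 1
    if tag == b"s":
        value, pos = _read_str(data, pos)
        return value, pos + 1                       # skip ';'
    if tag in (b"a", b"O"):
        cls = None
        if tag == b"O":
            cls, pos = _read_str(data, pos)
            pos += 1                                # skip ':' after class name
        count, pos = _read_len(data, pos)
        pos += 1                                    # skip '{'
        items = {}
        for _ in range(count):
            key, pos = parse(data, pos)
            value, pos = parse(data, pos)
            items[key if cls is None else prop_name(key)] = value
        return (items if cls is None else {"class": cls.decode(), "props": items}), pos + 1
    raise ValueError(f"unsupported type tag {tag!r}")
```

Parsing the structure this way, without instantiating anything, lets a reviewer see which class names and property names an input carries before it is ever handed to unserialize().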
