AES Encryption Explained: How It Works and Why It Matters
Jun 23, 2026
Convert PHP variables to serialized strings and unserialize PHP serialized data back to readable format.
PHP Serialization is PHP's built-in mechanism to convert complex data structures (arrays, objects, strings) into a storable string format. The serialize() function converts a PHP value to a string representation, and unserialize() restores it back to a PHP value.
Serialized strings use a compact format: s:4:"John" means a string of length 4 with value "John", i:30 means integer 30, a:3:{...} means an array with 3 elements, and b:1 means boolean true.
PHP serialization is PHP-specific and supports PHP-native types including objects with class information. JSON is language-agnostic and works across different programming languages. JSON is more portable, while PHP serialization preserves type fidelity and object references.
No. Unserializing untrusted data can lead to PHP Object Injection vulnerabilities, where attackers can manipulate serialized objects to trigger arbitrary code execution. This tool performs unserialization client-side in JavaScript and does not use PHP's unserialize(), making it safe for inspection.
This tool supports serializing and unserializing: strings (s), integers (i), floats (d), booleans (b), null (N), arrays (a), and objects (O).
Yes. You can enter object data in JSON-like format with a special __php_class__ key to specify the class name. For example: {"__php_class__":"User","name":"John","role":"admin"} will serialize to O:4:"User":2:{...}.
Yes. All serialization and unserialization happens entirely in your browser using JavaScript. No data is sent to any server. Your content never leaves your device.
Blog
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026