PHP Serialize / Unserialize

Convert PHP variables to serialized strings and unserialize PHP serialized data back to readable format.

Home
> Encoder & Decoder >
PHP Serialize / Unserialize

Serialize

PHP Variable (JSON format):

PHP Serialized String:

Unserialize

PHP Serialized String:

Decoded PHP Variable:

What is PHP Serialization?

PHP Serialization is PHP's built-in mechanism to convert complex data structures (arrays, objects, strings) into a storable string format. The serialize() function converts a PHP value to a string representation, and unserialize() restores it back to a PHP value.

Serialized strings use a compact format: s:4:"John" means a string of length 4 with value "John", i:30 means integer 30, a:3:{...} means an array with 3 elements, and b:1 means boolean true.

PHP Serialization Format

Strings: s:length:"value"; — e.g., s:4:"John";
Integers: i:number; — e.g., i:30;
Floats: d:number; — e.g., d:3.14;
Booleans: b:1; (true) or b:0; (false)
Null: N;
Arrays: a:count:{key;value;...} — sequential and associative
Objects: O:class_length:"class_name":num_props:{...}

How to Use This PHP Serialize/Unserialize Tool

Serialize — Enter a PHP variable in JSON format in the left panel, then click Serialize to convert it to a PHP serialized string.
Unserialize — Paste a PHP serialized string in the right panel, then click Unserialize to decode it back to readable format.
Swap & Clear — Click Swap to exchange serialize/unserialize values, Clear All to reset everything.

Common Use Cases

Debugging serialized data — Inspect PHP serialized strings from databases, caches, or session data to understand their structure.
Data migration — Convert serialized PHP data when migrating between systems or upgrading PHP versions.
API development — Generate serialized PHP strings for testing PHP applications that use serialization for data exchange.
Security analysis — Examine serialized objects for potential PHP object injection vulnerabilities.
WordPress & CMS debugging — Decode serialized data stored in WordPress options, post meta, or other CMS databases.

Frequently Asked Questions

What is the difference between PHP serialization and JSON?

PHP serialization is PHP-specific and supports PHP-native types including objects with class information. JSON is language-agnostic and works across different programming languages. JSON is more portable, while PHP serialization preserves type fidelity and object references.

Is unserializing data safe?

No. Unserializing untrusted data can lead to PHP Object Injection vulnerabilities, where attackers can manipulate serialized objects to trigger arbitrary code execution. This tool performs unserialization client-side in JavaScript and does not use PHP's unserialize(), making it safe for inspection.

What types does this tool support?

This tool supports serializing and unserializing: strings (s), integers (i), floats (d), booleans (b), null (N), arrays (a), and objects (O).

Can I serialize objects with this tool?

Yes. You can enter object data in JSON-like format with a special __php_class__ key to specify the class name. For example: {"__php_class__":"User","name":"John","role":"admin"} will serialize to O:4:"User":2:{...}.

Is this tool safe for sensitive data?

Yes. All serialization and unserialization happens entirely in your browser using JavaScript. No data is sent to any server. Your content never leaves your device.