<link linkend="ini.unserialize-callback-func">unserialize_callback

igbinary_unserialize Creates a PHP value from a stored representation from igbinary_serialize &reftitle.description; mixedigbinary_unserialize stringstr igbinary_unserialize takes a single serialized variable from igbinary_serialize and converts it back into a PHP value. Untrusted user input must not be passed to igbinary_unserialize. Unserialization can result in code being loaded and executed due to object instantiation and autoloading, and a malicious user may be able to exploit this. Instead a safe, standard data interchange format such as JSON (via json_decode and json_encode) should be used, if serialized data needs to be passed to a client. If there is the need to unserialize externally-stored serialized data, hash_hmac can be used for data validation. It is important to ensure that nobody has tampered with the data. The igbinary serialization format does not provide a way to distinguish between different reference groups for the same value. All PHP references to a given value as treated as part of the same reference group when unserialized, even if they were parts of difference reference groups when serialized. &reftitle.parameters; str The serialized string generated by igbinary_serialize. If the value being unserialized is an &object;, after successfully reconstructing the object igbinary will automatically attempt to call the __unserialize() or __wakeup() methods (if one exists). <link linkend="ini.unserialize-callback-func">unserialize_callback_func</link> directive The callback specified in the unserialize_callback_func directive is called when an undefined class is unserialized. If no callback is specified, the object will be instantiated as __PHP_Incomplete_Class. &reftitle.returnvalues; The converted value is returned, and can be a bool, int, float, string, array, object, or null. In case the passed string is not unserializeable, &false; is returned and E_NOTICE or E_WARNING is issued. &reftitle.errors; Objects may throw Throwables in their unserialization handlers. &reftitle.notes; &null; or &false; is returned both in the case of an error and if unserializing the serialized &null; or &false; value. It is possible to catch this special case by comparing str with igbinary_serialize(null) or igbinary_serialize(false) or by catching the issued E_NOTICE. &reftitle.seealso; unserialize json_encode json_decode hash_hmac igbinary_serialize Autoloading Classes unserialize_callback_func __wakeup() __serialize() __unserialize()