PHP unserialize() rebuilds a PHP value from a serialized string. It is useful for legacy data but needs care.
Common scenarios
- Reading old cache values.
- Inspecting application settings.
- Migrating serialized database columns.
Code example
$value = unserialize($payload, ['allowed_classes' => false]);
Common errors
Never call unserialize() on untrusted user input with classes enabled. Prefer JSON for new storage and APIs.