Asked  7 Months ago    Answers:  5   Viewed   33 times

I was wondering if anyone could point me to a resource where the details of a serialized php string is documented. I would basically like to know the format/structure so I can write a function in VB.NET to serialize/deserialize it back.




The basic structure is as follows:

Scalar types:

  1. Booleans are serialized as:


    where <i> is an integer with a value of either 0 (false) or 1 (true).

  2. Integers are serialized as:


    where <i> is the integer value.

  3. Floats are serialized as (with d meaning double):


    where <f> is the float value.

  4. Strings are serialized as:


    where <i> is an integer representing the string length of <s>, and <s> is the string value.

Special types:

  1. null is simply serialized as:


Compound types:

  1. Arrays are serialized as:


    where <i> is an integer representing the number of elements in the array, and <elements> zero or more serialized key value pairs:


    where <key> represents a serialized scalar type, and <value> any value that is serializable.

  2. Objects are serialized as:


    where the first <i> is an integer representing the string length of <s>, and <s> is the fully qualified class name (class name prepended with full namespace). The second <i> is an integer representing the number of object properties. <properties> are zero or more serialized name value pairs:


    where <name> is a serialized string representing the property name, and <value> any value that is serializable.

    There's a catch with <name> though:

    <name> is represented as


    where <i> is an integer representing the string length of <s>. But the values of <s> differs per visibility of properties:

    a. With public properties <s> is the simple name of the property.

    b. With protected properties, however, <s> is the simple name of the property, prepended with * — an asterix, enclosed in two NUL characters (i.e. chr(0)).

    c. And with private properties, <s> is the simple name of the property, prepended with <s><s>, enclosed in two NUL characters, where <s> is the fully qualified class name.

There are a few other cases, such as R:<i>;, that represents references, that I haven't mentioned here (because I honestly haven't figured out the exact workings of it yet), but this should give you a decent idea about PHP's serializing mechanism.

Wednesday, March 31, 2021
answered 7 Months ago

Not tested, but probably something like if(preg_match("/^[0-9,]+$/", $a)) $a = str_replace(...)

Wednesday, March 31, 2021
answered 7 Months ago

"608E-4234" is the float number format, so they will cast into number when they compares.

608E-4234 and 272E-3063 will both be float(0) because they are too small.

For == in php,

If you compare a number with a string or the comparison involves numerical strings, then each string is converted to a number and the comparison performed numerically.


What about the behavior in javascript which also has both == and ===?

The answer is the behavior is different from PHP. In javascript, if you compare two value with same type, == is just same as ===, so type cast won't happen for compare with two same type values.

In javascript:

608E-4234 == 272E-3063 // true
608E-4234 == "272E-3063" // true
"608E-4234" == 272E-3063 // true
"608E-4234" == "272E-3063" // false (Note: this is different form PHP)

So in javascript, when you know the type of the result, you could use == instead of === to save one character.

For example, typeof operator always returns a string, so you could just use

typeof foo == 'string' instead of typeof foo === 'string' with no harm.

Wednesday, March 31, 2021
answered 7 Months ago


function addItem($serializedArray, $item)
   $a = unserialize($serializedArray);
   $a[] = $item;
   return serialize($a);
Wednesday, March 31, 2021
answered 7 Months ago

The workaround you mentioned is the right way of doing it. Saving tokens, using and updating them as they become expired - the way most companies stick to.

Only in cases of new users or expired tokens the OAuth should be used. The API you use is not important. You can actually retreive authentication through JavaScript and pass it to PHP for further usage.


Saturday, May 29, 2021
answered 5 Months ago
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :