PHP - Manual: igbinary_unserialize
2025-10-25
(PECL igbinary >= 1.1.1)
igbinary_unserialize — Creates a PHP value from a stored representation from igbinary_serialize()
igbinary_unserialize() takes a single serialized variable from igbinary_serialize() and converts it back into a PHP value.
Untrusted user input must not be passed to igbinary_unserialize(). Unserialization can result in code being loaded and executed due to object instantiation and autoloading, and a malicious user may be able to exploit this. Instead a safe, standard data interchange format such as JSON (via json_decode() and json_encode()) should be used, if serialized data needs to be passed to a client.
If there is the need to unserialize externally-stored serialized data, hash_hmac() can be used for data validation. It is important to ensure that nobody has tampered with the data.
The igbinary serialization format does not provide a way to distinguish between different reference groups for the same value. All PHP references to a given value as treated as part of the same reference group when unserialized, even if they were parts of difference reference groups when serialized.
strThe serialized string generated by igbinary_serialize().
If the value being unserialized is an object, after successfully reconstructing the object igbinary will automatically attempt to call the __unserialize() or __wakeup() methods (if one exists).
注意: unserialize_callback_func directive
The callback specified in the unserialize_callback_func directive is called when an undefined class is unserialized. If no callback is specified, the object will be instantiated as __PHP_Incomplete_Class.
The converted value is returned, and can be a bool, int, float, string, array, object, or null.
   In case the passed string is not unserializeable, false is returned and
   E_NOTICE or E_WARNING is issued.
  
Objects may throw Throwables in their unserialization handlers.
官方地址:https://www.php.net/manual/en/function.igbinary-unserialize.php