Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
PHP is_serialized() function.
<?php
/**
* This program is free software. It comes without any warranty, to
* the extent permitted by applicable law. You can redistribute it
* and/or modify it under the terms of the Do What The Fuck You Want
* To Public License, Version 2, as published by Sam Hocevar. See
* http://sam.zoy.org/wtfpl/COPYING for more details.
*/
/**
* Tests if an input is valid PHP serialized string.
*
* Checks if a string is serialized using quick string manipulation
* to throw out obviously incorrect strings. Unserialize is then run
* on the string to perform the final verification.
*
* Valid serialized forms are the following:
* <ul>
* <li>boolean: <code>b:1;</code></li>
* <li>integer: <code>i:1;</code></li>
* <li>double: <code>d:0.2;</code></li>
* <li>string: <code>s:4:"test";</code></li>
* <li>array: <code>a:3:{i:0;i:1;i:1;i:2;i:2;i:3;}</code></li>
* <li>object: <code>O:8:"stdClass":0:{}</code></li>
* <li>null: <code>N;</code></li>
* </ul>
*
* @author Chris Smith <code+php@chris.cs278.org>
* @copyright Copyright (c) 2009 Chris Smith (http://www.cs278.org/)
* @license http://sam.zoy.org/wtfpl/ WTFPL
* @param string $value Value to test for serialized form
* @param mixed $result Result of unserialize() of the $value
* @return boolean True if $value is serialized data, otherwise false
*/
function is_serialized($value, &$result = null)
{
// Bit of a give away this one
if (!is_string($value))
{
return false;
}
// Serialized false, return true. unserialize() returns false on an
// invalid string or it could return false if the string is serialized
// false, eliminate that possibility.
if ($value === 'b:0;')
{
$result = false;
return true;
}
$length = strlen($value);
$end = '';
switch ($value[0])
{
case 's':
if ($value[$length - 2] !== '"')
{
return false;
}
case 'b':
case 'i':
case 'd':
// This looks odd but it is quicker than isset()ing
$end .= ';';
case 'a':
case 'O':
$end .= '}';
if ($value[1] !== ':')
{
return false;
}
switch ($value[2])
{
case 0:
case 1:
case 2:
case 3:
case 4:
case 5:
case 6:
case 7:
case 8:
case 9:
break;
default:
return false;
}
case 'N':
$end .= ';';
if ($value[$length - 1] !== $end[0])
{
return false;
}
break;
default:
return false;
}
if (($result = @unserialize($value)) === false)
{
$result = null;
return false;
}
return true;
}
@xfoxawy

This comment has been minimized.

Copy link

commented Nov 13, 2014

great work ... testing it

@hazratgs

This comment has been minimized.

Copy link

commented Feb 18, 2015

nice work!

@MarkMaldaba

This comment has been minimized.

Copy link

commented Feb 22, 2016

Neat function.

Unit tests? :-)

@andibastian

This comment has been minimized.

Copy link

commented Dec 6, 2016

thanks, nice work dude

@dominikdosoudil

This comment has been minimized.

Copy link

commented Mar 18, 2017

Thanks 🐱 🥇
Just added || empty($value) after is_string :)

@Tadek888

This comment has been minimized.

Copy link

commented Mar 22, 2018

Thanks !

@HAGhoniem

This comment has been minimized.

Copy link

commented Mar 6, 2019

Working Great

thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.