unserialize() takes a single serialized variable (see serialize()) and converts it back into a PHP value. The converted value is returned, and can be a boolean, integer, float, string, array or object. In case the passed string is not unserializeable, FALSE is returned and E_NOTICE is issued.
FALSE is returned both in the case of an error and if unserializing
the serialized FALSE value. It is possible to catch this special case by
unserialize_callback_func directive: It's possible to set a callback-function which will be called, if an undefined class should be instantiated during unserializing. (to prevent getting an incomplete object "__PHP_Incomplete_Class".) Use your php.ini, ini_set() or .htaccess to define 'unserialize_callback_func'. Everytime an undefined class should be instantiated, it'll be called. To disable this feature just empty this setting. Also note that the directive unserialize_callback_func directive became available in PHP 4.2.0.
If the variable being unserialized is an object, after successfully reconstructing the object PHP will automatically attempt to call the __wakeup() member function (if it exists).
Example 1. unserialize_callback_func example
Note: In PHP 3, methods are not preserved when unserializing a serialized object. That limitation was removed in PHP 4 as both properties and methods are now restored. Please see the Serializing Objects section of Classes and Objects or more information.
Example 2. unserialize() example
See also serialize().