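# The unserialize Function Gains a Filter

We normally use the serialize and unserialize functions to serialize and deserialize objects. However, unserialize is not safe: it has no filtering of any kind, so it can deserialize any object. PHP 7 adds a filter to the unserialize function, a feature intended to provide a safer way to unpack untrusted data. It uses a whitelist to guard against potential code injection. By default, objects of every type are allowed to be deserialized. Example usage: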

```php
<?php
$foo = new stdClass();
$foo->name = 'revin';
$foo = serialize($foo);

// Convert every object into a __PHP_Incomplete_Class object
$data = unserialize($foo, ["allowed_classes" => false]);
echo $data->name;  // empty
//var_dump($data);

// Convert every object except MyClass, MyClass2 and stdClass into a __PHP_Incomplete_Class object
$data = unserialize($foo, ["allowed_classes" => ["MyClass", "MyClass2", "stdClass"]]);
//var_dump($data);
echo $data->name; // prints "revin"

// By default all classes are accepted; this is the same as omitting the second argument
$data = unserialize($foo, ["allowed_classes" => true]);
//var_dump($data);
echo $data->name; // prints "revin"
```
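
An added example (not from the original page) of wrapping the whitelist in a strict check: a refused class comes back as `__PHP_Incomplete_Class` instead of raising an error, so the hypothetical helpers `failsWhitelist()` and `safeUnserialize()` reject any payload that contains one, nested objects included. `AuditedJob`, the depth limit of 32 and the sample payload are assumptions made for the demonstration.

```php
<?php
// Added example; every name below is hypothetical and the payload is constructed.
class AuditedJob
{
    public static $wakeups = 0;          // how often __wakeup() has run
    public function __wakeup() { self::$wakeups++; }
}

// True if $value holds, at any depth, an object that allowed_classes refused.
// Nesting deeper than 32 levels (assumed limit) is also treated as a failure,
// which keeps the walk finite on cyclic data.
function failsWhitelist($value, int $depth = 0): bool
{
    if ($value instanceof __PHP_Incomplete_Class || $depth > 32) {
        return true;
    }
    if (!is_object($value) && !is_array($value)) {
        return false;                    // scalars and null cannot contain objects
    }
    foreach ((array) $value as $item) {
        if (failsWhitelist($item, $depth + 1)) {
            return true;
        }
    }
    return false;
}

// Unserialize against a whitelist; reject the whole payload on any miss.
function safeUnserialize(string $payload, array $allowed)
{
    $data = unserialize($payload, ['allowed_classes' => $allowed]);
    if (failsWhitelist($data)) {
        throw new UnexpectedValueException('payload failed the whitelist check');
    }
    return $data;
}

$outer = new stdClass();
$outer->job = new AuditedJob();
$payload = serialize($outer);            // stdClass wrapping an AuditedJob
try {
    // AuditedJob is not whitelisted: it is never instantiated, so __wakeup() does not run.
    safeUnserialize($payload, ['stdClass']);
} catch (UnexpectedValueException $e) {
    echo 'rejected: ', $e->getMessage(), '; wakeups: ', AuditedJob::$wakeups, "\n";
}
// With both classes whitelisted the object is rebuilt and __wakeup() runs once.
$job = safeUnserialize($payload, ['stdClass', 'AuditedJob'])->job;
echo get_class($job), '; wakeups: ', AuditedJob::$wakeups, "\n";
```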

