Since PHP 7.4 added the magic methods __serialize() and __unserialize(), the Serializable interface has been obsolete, and it is in fact broken with new PHP 8.x features. The phase-out also deprecates the PDO::FETCH_SERIALIZE flag of the PDO object, which will be removed completely in PHP 9.
A class is “only Serializable” if it is non-abstract, implements Serializable, and does not implement __serialize() and __unserialize().
- In PHP 8.1, declaring an “only Serializable” class will throw a deprecation warning. Other implementations of Serializable will be accepted without a deprecation warning, because libraries supporting PHP < 7.4 will generally need to implement both the old and new mechanisms.
- In PHP 9.0 the Serializable interface will be removed and unserialize() will reject payloads using the C serialization format. Code needing to support both PHP < 7.4 and PHP >= 9.0 may polyfill the Serializable interface, though it will have no effect on serialization.
If a class implements both Serializable and __serialize()/__unserialize(), the latter take precedence (on versions that support them), and the Serializable interface is only used to decode existing serialization payloads using the obsolete C format. To migrate to the new mechanism, it’s possible to either replace Serializable entirely (if support for PHP 7.3 and below is not needed) or to implement both (if it is needed).
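
The "implement both" option, as an added example that is not from the original page: the SessionToken class and its fields are hypothetical, and the legacy C-format payload is constructed inline. The old interface methods delegate to the new ones, so validation of untrusted input lives in one place.

```php
<?php
// Hypothetical class for illustration; implements the old and new mechanisms.
final class SessionToken implements Serializable
{
    private $user;     // string
    private $expires;  // int, Unix timestamp

    public function __construct($user, $expires)
    {
        $this->user = $user;
        $this->expires = $expires;
    }

    // New mechanism: takes precedence on versions that support it.
    public function __serialize(): array
    {
        return ['user' => $this->user, 'expires' => $this->expires];
    }

    public function __unserialize(array $data): void
    {
        // Serialized input may be attacker-influenced: check shape and types.
        if (!is_string($data['user'] ?? null) || !is_int($data['expires'] ?? null)) {
            throw new UnexpectedValueException('Malformed SessionToken payload');
        }
        $this->user = $data['user'];
        $this->expires = $data['expires'];
    }

    // Old mechanism: used on PHP < 7.4 and to decode stored C-format payloads.
    public function serialize()
    {
        return serialize($this->__serialize());
    }

    public function unserialize($data)
    {
        // The inner payload holds only scalars, so refuse any nested objects.
        $fields = unserialize($data, ['allowed_classes' => false]);
        $this->__unserialize(is_array($fields) ? $fields : []);
    }
}

$new = serialize(new SessionToken('alice', 1700000000));
// Constructed legacy payload in the obsolete C format, as an old version would have stored it.
$inner = serialize(['user' => 'alice', 'expires' => 1700000000]);
$old = sprintf('C:12:"SessionToken":%d:{%s}', strlen($inner), $inner);
$opts = ['allowed_classes' => [SessionToken::class]];
// Decode both formats and compare the resulting objects.
var_dump(unserialize($new, $opts) == unserialize($old, $opts));
```

Because the class also implements __serialize() and __unserialize(), it is not “only Serializable” and PHP 8.1 declares it without the deprecation warning.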