Table of Contents

PHP RFC: Phasing out Serializable

Introduction

The new custom object serialization mechanism RFC introduced new __serialize() and __unserialize() magic methods in PHP 7.4, with the intent of replacing the broken Serializable interface. This RFC finalizes that work by laying out a plan for the eventual removal of Serializable.

Please see the referenced RFC for a detailed discussion of why the Serializable interface is broken and needs to be replaced. Since PHP 7.4 a robust alternative mechanism exists, but some of the motivating issues will only be resolved once support for Serializable is dropped entirely.

Proposal

Serializable

A class is “only Serializable” if it is non-abstract, implements Serializable, and does not implement __serialize() and __unserialize(). Then:

If a class implements both Serializable and __serialize()/__unserialize(), the latter take precedence (on versions that support them), and the Serializable interface is only used to decode existing serialization payload using the obsolete C format. To migrate to the new mechanism, it's possible to either replace Serializable entirely (if support for PHP 7.3 and below is not needed) or to implement both (if it is needed).

An earlier version of this RFC proposed an additional step: PHP 9.0 would deprecate all uses of Serializable (including those that are not “only Serializable”) and only remove the interface in PHP 10.0. However, this approach was deemed too complicated.

PDO::FETCH_SERIALIZE

PDO has a PDO::FETCH_SERIALIZE flag that can be used in conjunction with PDO::FETCH_CLASS. This fetch mode is based on the Serializable interface, and as such it cannot be supported once it is removed. Apparently, the PDO::FETCH_SERIALIZE mode is not actually usable due to an implementation bug (https://bugs.php.net/bug.php?id=68802) anyway.

In addition to the Serializable changes, this RFC proposes to deprecate PDO::FETCH_SERIALIZE in PHP 8.1 and remove it in PHP 9.0.

Vote

Voting started 2021-04-14 and ended 2021-04-28.

Phase out Serializable as proposed?
Real name Yes No
asgrim (asgrim)  
ashnazg (ashnazg)  
brzuchal (brzuchal)  
bwoebi (bwoebi)  
crell (crell)  
cschneid (cschneid)  
daverandom (daverandom)  
derick (derick)  
ekin (ekin)  
galvao (galvao)  
girgias (girgias)  
kalle (kalle)  
kguest (kguest)  
kinncj (kinncj)  
kocsismate (kocsismate)  
lcobucci (lcobucci)  
lufei (lufei)  
marandall (marandall)  
narf (narf)  
nicolasgrekas (nicolasgrekas)  
nikic (nikic)  
ocramius (ocramius)  
patrickallaert (patrickallaert)  
pierrick (pierrick)  
ramsey (ramsey)  
reywob (reywob)  
sammyk (sammyk)  
santiagolizardo (santiagolizardo)  
sebastian (sebastian)  
sergey (sergey)  
sirsnyder (sirsnyder)  
svpernova09 (svpernova09)  
tandre (tandre)  
theodorejb (theodorejb)  
trowski (trowski)  
twosee (twosee)  
Final result: 36 0
This poll has been closed.