|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #27588 unserialize() throws E_NOTICE if not unserializable
Submitted: 2004-03-13 13:42 UTC Modified: 2004-03-14 13:09 UTC
From: lsole at maresme dot net Assigned:
Status: Not a bug Package: Output Control
PHP Version: 4.3.4 OS: FreeBSD
Private report: No CVE-ID: None
 [2004-03-13 13:42 UTC] lsole at maresme dot net
@unserialize() throws E_NOTICE with custom handler

Reproduce code:
function myErrorHandler($errno, $errmsg, $filename, $linenum) {
	if ($errno == 0) return;
	$error_type = array(0 => 'No Error', 8 => 'Notice'); // just the ones we need...
	echo '<b>' . $error_type[$errno] . '</b>: ' . $errmsg . ' in <b>' . $filename . '</b> on line <b>' . $linenum . '</b><br>' . chr(10);
$a = 'abc123';

$b = unserialize($a); // throws error because $a is not unserializable
if ($b === false) {echo 'failed!<br>';} else {echo $b . '<br>';}
$b = @unserialize($a); // @ suppresses error
if ($b === false) {echo 'failed!<br>';} else {echo $b . '<br>';}


$b = unserialize($a); // throws error because $a is not unserializable
if ($b === false) {echo 'failed!<br>';} else {echo $b . '<br>';}
$b = @unserialize($a); // should throw nothing but throws Notice!
if ($b === false) {echo 'failed!<br>';} else {echo $b . '<br>';}

Expected result:
E_NOTICE errors should not happen when prepending @: the custom handler should receive $errno = 0

Actual result:
E_NOTICE error


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2004-03-14 08:21 UTC] lsole at maresme dot net
I think I've misunderstood what the error control operator was sending to my custom error handling. I thought it was sending a zero error code but what it does is to set error_reporting() to zero. Sorry!

Anyway, I wonder if it is not a bug that unserialize() throws an E_NOTICE error if the input is not unserializable. The function description says it should return FALSE but says nothing about throwing errors. As an example, base64_decode() does not throw errors if the input can't be decoded.
 [2004-03-14 13:09 UTC]
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at and the instructions on how to report
a bug at

When unserialize() fails (shouldn't normally) it throws 
E_NOTICE to allow you to see/log the problem. 
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Mon Jun 05 01:03:36 2023 UTC