|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #44792 Serializing objects with protected members introduces null charcters
Submitted: 2008-04-21 11:14 UTC Modified: 2008-07-23 21:26 UTC
Avg. Score:3.7 ± 0.9
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:1 (50.0%)
From: alex at fav dot or dot it Assigned: helly (profile)
Status: Not a bug Package: Scripting Engine problem
PHP Version: 5.2.5 OS: *
Private report: No CVE-ID: None
 [2008-04-21 11:14 UTC] alex at fav dot or dot it
The output from the serialization of objects that contain protected (and possibly private also) members contains null characters. These characters are unnecessary and can cause problems when inserting the serialized data into databases.

An asterisk is placed before the variable name in the serialized string, which I assume is to mark it as protected. This asterisk is surrounded by null characters.

This appears to be the same as the closed #29865 (closed 10/2005), but in version 5.2.5 and the latest snapshot, the bug still exists.

Reproduce code:
php -r 'class Foo { protected $bar = 1; } $v = new Foo; echo serialize($v);' | hexdump

Expected result:
The output should not contain null characters (shown as '00') around the asterisk.

Actual result:
0000000 3a4f 3a33 4622 6f6f 3a22 3a31 737b 363a
0000010 223a 2a00 6200 7261 3b22 3a69 3b31 007d


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2008-07-15 17:22 UTC]
Marcus, yet another PPP issue.
 [2008-07-21 14:33 UTC] penny at mjollnir dot org
Present in 5.2.6 as well.
 [2008-07-23 21:26 UTC]
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at and the instructions on how to report
a bug at

That\'s just how PHP works. If you don\'t like the 0\'s then use interface Serializable:

$> php --rc Serializable
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sun May 26 05:01:26 2019 UTC