PHP 8.1: PDO::FETCH_SERIALIZE is deprecated


PHP 8.1 deprecates the Serializable interface, and part of this change, PHP 8.1 also deprecates the PDO::FETCH_SERIALIZE functionality.

PDO::FETCH_SERIALIZE flag is meant to be used as a flag for PDO statement fetch methods, and if was used, PDO automatically calls unserialize on the data fetched from the database. This functionality, however, is broken and is unusable.

In PHP 8.1 and later, attempting to make use of PDO::FETCH_SERIALIZE emits a deprecation notice:

$stmt = $pdo->query('SELECT \'s:4:"test";\' foo');
$stmt->setFetchMode(PDO::FETCH_CLASS|PDO::FETCH_SERIALIZE, 'Foo');
$data = $stmt->fetch()
Deprecated: PDOStatement::fetch(): The PDO::FETCH_SERIALIZE mode is deprecated in ... on line ...

Using the PDO::FETCH_SERIALIZE PHP constant does not emit a deprecation notice.

Avoiding the deprecation notice

To avoid the deprecation notice, drop the PDO::FETCH_SERIALIZE flag, and make an explicit unserialize call on the string values fetched from the database.

Related Changes

Backwards Compatibility Impact

The PDO::FETCH_SERIALIZE mode is deprecated in PHP 8.1, and will be removed in PHP 9.0. Note that this functionality was buggy even prior to PHP 8.1, and it may be ideal to replace the PDO::FETCH_SERIALIZE mode with an explicit unserialize call.

RFC Discussion Implementation