serialize将一个对象转换成一个字符串
unserialize将一个字符串还原成一个对象

<?php

class People
{
    public $name;
    public $age;
    public function userinfo()
    {
        echo $this -> name . ‘ is ‘ . $this -> age . ‘ years old <br>‘;
    }
}

$jack = new People();
$jack -> name = ‘jack‘;
$jack -> age = 18;
$jack -> userinfo();
echo serialize($jack);

?>

PHP反序列化漏洞学习