Home » Wordpress » Fix serialized data broken due to editing MySQL database in a text editor?

Fix serialized data broken due to editing MySQL database in a text editor?

Posted by: admin November 7, 2017 Leave a comment


Background: I downloaded a *.sql backup of my WordPress site’s database, and replaced all instances of the old database table prefix with a new one (e.g. from the default wp_ to something like asdfghjkl_).

I’ve just learnt that WordPress uses serialized PHP strings in the database, and what I did will have messed with the integrity of the serialized string lengths.

The thing is, I deleted the backup file just before I learnt about this (as my website was still functioning fine), and installed a number of plugins since. So, there’s no way I can revert back, and I therefore would like to know two things:

  1. How can I fix this, if at all possible?

  2. What kind of problems could this cause?

(This article states that, a WordPress blog for instance, could lose its settings and widgets. But this doesn’t seem to have happened to me as all the settings for my blog are still intact. But I have no clue as to what could be broken on the inside, or what issues it’d pose in the future. Hence this question.)


Visit this page: http://unserialize.onlinephpfunctions.com/

On that page you should see this sample serialized string: a:1:{s:4:"Test";s:17:"unserialize here!";}. Take a piece of it– s:4:"Test";. That means “string”, 4 characters, then the actual string. I am pretty sure that what you have done is caused the numeric character count to be out of sync with the string. Play with the tool on the site mentioned above and you will see that you get an error if you change “Test” to “Tes”, for example.

What you need to do it get those character counts to match your new string. If you haven’t corrupted any of the other encoding– removed a colon or something– that should fix the problem.


Try this script that fixes serialization issues:



I came to this same problem after trying to change the domain from localhost to the real URL. After some searching I found the answer in WordPress documentation:


I will quote what is written there:

To avoid that serialization issue, you have three options:

  • Use the Better Search Replace or Velvet Blues Update URLs plugins if you can > access your Dashboard.
  • Use WP-CLI’s search-replace if your hosting provider (or you) have installed WP-CLI.
  • Run a search and replace query manually on your database. Note: Only perform a search and replace on the wp_posts table.

I ended up using WP-CLI which is able to replace things in the database without breaking serialization: http://wp-cli.org/commands/search-replace/


I know this is an old question, but better late than never, I suppose. I ran into this problem recently, after inheriting a database that had had a find/replace executed on serialized data. After many hours of researching, I discovered that this was because the string counts were off. Unfortunately, there was so much data with lots of escaping and newlines and I didn’t know how to count in some cases and I had so much data that I needed something automated.

Along the way, I stumbled across this question and Benubird’s post helped put me on the right path. His example code did not work in production use on complex data, containing numerous special characters and HTML, with very deep levels of nesting, and it did not properly handle certain escaped characters and encoding. So I modified it a bit and spent countless hours working through additional bugs to get my version to “fix” the serialized data.

// do some DB query here
while($res = db_fetch($qry)){
    $str = $res->data;
    $sCount=1; // don't try to count manually, which can be inaccurate; let serialize do its thing
    $newstring = unserialize($str);
    if(!$newstring) {
#           preg_match_all("/s:([0-9]+):(\"[^\"\\]*(?:\\.[^\"\\]*)*\")(?=;)/u",$str,$m); // alternate: almost works but leave quotes in $m[2] output
#           print_r($m); exit;
        foreach($m[1] as $k => $len) {
            /*** Possibly specific to my case: Spyropress Builder in WordPress ***/
            $m_clean = str_replace('\"','"',$m[2][$k]); // convert escaped double quotes so that HTML will render properly
            // if newline is present, it will output directly in the HTML
            // nl2br won't work here (must find literally; not with double quotes!)
            $m_clean = str_replace('\n', '<br />', $m_clean); 
            $m_clean = nl2br($m_clean);  // but we DO need to convert actual newlines also
                $m_new = $m[0][$k].';'; // we must account for the missing semi-colon not captured in regex!
                // NOTE: If we don't flush the buffers, things like <img src="http://whatever" can be replaced with <img src="//whatever" and break the serialize count!!!                  
                ob_end_flush(); // not sure why this is necessary but cost me 5 hours!!
                $m_ser = serialize($m_clean);
                if($m_new != $m_ser) {
                    print "Replacing: $m_new\n";
                    print "With: $m_ser\n";
                    $str = str_replace($m_new, $m_ser, $str);
                $m_len = (strlen($m[2][$k]) - substr_count($m[2][$k],'\n'));
                if($len != $m_len) {
                    echo "Replacing: {$m[0][$k]}\n";
                    echo "With: $newstr\n\n";
                    $str = str_replace($m_new, $newstr, $str);
        print_r($str); // this is your FIXED serialized data!! Yay!

A little geeky explanation on my changes:

  • I found that trying to count with Benubird’s code as a base was too inaccurate for large datasets, so I ended up just using serialize to be sure the count was accurate.
  • I avoided the try/catch because, in my case, the try would succeed but just returned an empty string. So, I check for empty data instead.
  • I tried numerous regex’s but only a mod on Benubird’s would accurately handle all cases. Specifically, I had to modify the part that checked for the “;” because it would match on CSS like “width:100%; height:25px;” and broke the output. So, I used a positive lookahead to only match when the “;” was outside of the set of double quotes.
  • My case had lots of newlines, HTML, and escaped double quotes, so I had to add a block to clean that up.
  • There were a couple of weird situations where data would be replaced incorrectly by the regex and then the serialize would count it incorrectly as well. I found NOTHING on any sites to help with this and finally thought it might be related to caching or something like that and tried flushing the output buffer (ob_end_flush()), which worked, thank goodness!

Hope this helps someone… Took me almost 20 hours including the research and dealing with weird issues! 🙂


If the error is due to the length of the strings being incorrect (something I have seen frequently), then you should be able to adapt this script to fix it:

foreach($strings as $key => $str)
    try {
    } catch(exception $e) {
        foreach($m[1] as $k => $len) {
            if($len != strlen($m[2][$k])) {
                echo "len mismatch: {$m[0][$k]}\n";
                echo "should be:    $newstr\n\n";
                $strings[$key] = str_replace($m[0][$k], $newstr, $str);


I personally don’t like working in PHP, or placing my DB credentials in an public file. I created a ruby script to fix serializations that you can run locally:


Context Edit:
I approached fixing serialization by first identifying serialization via regex, and then recalculating the byte size of the contained data string.

$content_to_fix.gsub!(/s:([0-9]+):\"((.|\n)*?)\";/) {"s:#{$2.bytesize}:\"#{$2}\";"}

I then update the specified data via an escaped sql update query.

escaped_fix_content = client.escape($fixed_content)

query = client.query("UPDATE #{$table} SET #{$column} = '#{escaped_fix_content}' WHERE #{$column_identifier} LIKE '#{$column_identifier_value}'")