PHP: 'The script tried to execute a method or access a property of an incomplete object'

Have you ever got this error in PHP? I bet no, never.

Basically, it happens when you serialize an object of class A and try to unserialize it when class A doesn’t exist anymore.

How (the hell) do I get there?

If you are working with auto-generated proxy classes, store objects in the session and then clear your cache, once you retrieve an object from the session you are going to face it. A solution is to re-generate all the proxies before retrieving objects from the session1.

  1. in an ideal world, at every deployment you clear and re-generate proxies

Hi there! I recently wrote an ebook on web application security, currently sold on leanpub, the Amazon Kindle store and gumroad.

It contains 160+ pages of content dedicated to securing web applications and improving your security awareness when building web apps, with chapters ranging from explaining how to secure HTTP cookies with the right flags to understanding why it is important to consider joining a bug bounty program.

Feel free to skim through some of the free chapters published on this blog and, if the content seems interesting enough to you, grab a copy on leanpub, the Amazon Kindle store, gumroad or simply checkout right down below!

Buy the Web Application Security ebook for $9.99

In the mood for some more reading?

...or check the archives.