Avoid object injection with this:
if ( 1 !== preg_match( '~O:\d~', $maybe_dangerous ) ) { // All is well, this is safe to unserialize. }
For security it is best if you use json_*
or something else instead. But if you are working with a project built by someone else and you have no choice, this will keep you from unserializing any objects.