
If you have completely sanitized data what is the problem with object serialization? Thank you.


I think the problem lies somewhere inside "completely sanitized data". If you have them completely sanitized it usually is not what many would call object serialization (php unserialize) but rather a data format (JSON).


The only reliable way to sanitize PHP-serialized data is to unserialize it, scrub it, and reserialize it. This poses a nigh intractable chicken-egg problem, and makes a switch to JSON by far a more economical option.
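An added example, not code posted by anyone in this thread, contrasting the two options the replies describe: loading PHP-serialized input without letting it instantiate classes, then scrubbing it, versus reading the same data as JSON, where no class can be named at all. It assumes PHP 7.0+ for the `allowed_classes` option of `unserialize()` and PHP 7.3+ for `JSON_THROW_ON_ERROR`; the class name `Invoice` and both sample payloads are constructed for the example.

```php
<?php
// Constructed sample: PHP-serialized input that names a class. With a plain
// unserialize() call, PHP would instantiate that class (if loaded) and run its
// __wakeup()/__destruct() hooks, which is why "sanitizing" the string is so hard:
// every byte of it is also instructions to the deserializer.
$untrustedSerialized = 'O:7:"Invoice":1:{s:2:"id";i:42;}';

// Step 1 of the "unserialize, scrub, reserialize" approach: forbid class
// instantiation entirely. Any object in the payload becomes a
// __PHP_Incomplete_Class instance whose methods never execute.
function unserializeNoObjects(string $data)
{
    $value = @unserialize($data, ['allowed_classes' => false]);
    // unserialize() returns false both on error and for the literal 'b:0;'.
    if ($value === false && $data !== 'b:0;') {
        throw new InvalidArgumentException('malformed serialized data');
    }
    return $value;
}

// Step 2: scrub. Walk the decoded value and refuse anything that tried to
// smuggle in an object; only scalars and arrays are acceptable data.
function containsObject($value): bool
{
    if ($value instanceof __PHP_Incomplete_Class || is_object($value)) {
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (containsObject($item)) {
                return true;
            }
        }
    }
    return false;
}

// Step 3: only a scrubbed value is reserialized for internal use.
function reserializeScrubbed(string $data): string
{
    $value = unserializeNoObjects($data);
    if (containsObject($value)) {
        throw new InvalidArgumentException('serialized payload contains objects');
    }
    return serialize($value);
}

// The alternative the second reply recommends: JSON is a data format, not an
// object graph, so the decoder can only ever produce scalars and arrays here
// (assoc=true keeps even plain objects from becoming stdClass instances).
function decodeJsonData(string $json): array
{
    $value = json_decode($json, true, 64, JSON_THROW_ON_ERROR);
    if (!is_array($value)) {
        throw new InvalidArgumentException('expected a JSON object or array');
    }
    return $value;
}

// Usage: the serialized payload is rejected because it carries an object;
// the equivalent JSON carries the same data with no class attached.
try {
    reserializeScrubbed($untrustedSerialized);
} catch (InvalidArgumentException $e) {
    echo "rejected: " . $e->getMessage() . PHP_EOL;
}
$clean = decodeJsonData('{"id":42}');
echo "accepted JSON id=" . $clean['id'] . PHP_EOL;
```

The `allowed_classes` check is what makes the first step tolerable in practice: without it, the scrub has to happen before the data reaches `unserialize()`, which is the chicken-and-egg problem the reply describes. The JSON path needs no scrub step for this class of issue because the format has nowhere to put a class name.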



