English
English
In PHP, string processing is a very common task in daily development. str_shuffle() and str_replace() are two very versatile functions, used to mess up strings and replace certain parts of strings, respectively. It may seem simple, but if used in combination, it can produce some very practical and even interesting effects. This article will show you what string processing techniques can be implemented after they are combined.
$str = "hello world";
echo str_shuffle($str); // For example, output:lwrol lohed
str_shuffle() will disrupt the order of characters in a string. Note that it is character level disruption, and the result is unpredictable.
$str = "Hello World!";
echo str_replace("World", "PHP", $str); // Output:Hello PHP!
str_replace() replaces part of the content in the target string with new content. Very suitable for template replacement, sensitive word filtering and other operations.
We can combine str_replace() and str_shuffle() to create a simple verification code "scrambler". Suppose you have a verification code string that needs to add some interfering characters and disrupt the order, making it harder for the user to be recognized by the machine.
$code = "8273";
$obfuscate = str_replace(
["2", "3"],
["X2", "Y3"],
$code
);
$shuffled = str_shuffle($obfuscate);
echo $shuffled;
The output may be a disrupted form of X2Y3827 , such as 3X287Y2 . This processing method can be used to create data sources for front-end graphics verification codes.
If you are working on an HTML template and need to temporarily hide the key content, you can replace the important fields with str_replace() and then mess up the string with str_shuffle() . In this way, even if someone checks the source code, it is difficult to understand the real structure.
$template = '<a href="https://gitbox.net/download">Click to download</a>';
$masked = str_replace("download", "PLACEHOLDER", $template);
$obfuscated = str_shuffle($masked);
echo htmlspecialchars($obfuscated);
Although the output content is confusing, you can reverse restore as long as you save the original template structure. This can also play a basic anti-crawl role in some security scenarios.
We can first replace the username or email address with placeholders, then mess up the entire string, generating a unique "invitation code" or a disguised link.
$base = "https://gitbox.net/register?user=USERNAME";
$link = str_replace("USERNAME", "john_doe", $base);
$invite_code = str_shuffle($link);
echo $invite_code;
The link generated in this way has both original information and is not easily guessed. It can be used as a means to invite non-public events.
Although str_shuffle() is not suitable as an encryption tool, combined with str_replace() , a kind of "pseudo encryption" can be done to mask user input.
$input = "my_password";
$masked = str_replace(
["a", "o", "s"],
["@", "0", "$"],
$input
);
$pseudo_encrypted = str_shuffle($masked);
echo $pseudo_encrypted;
Output for example: the disrupted form of m$_p@w0rdy . Although not secure encryption, it is sufficient for use in games or fun applications.
When dealing with comment system or sensitive word filtering, you can first replace the sensitive word, and then disrupt the content storage, for situations where it is not displayed directly but needs to be archived.
$comment = "This product is really bad";
$filtered = str_replace("poor", "**", $comment);
$encoded = str_shuffle($filtered);
echo $encoded;
This not only replaces sensitive words, but also disrupts the sentence structure. Even if the database is leaked, the original meaning will be difficult to restore.
