PHP数据脱敏与隐私保护技术数据脱敏是保护用户隐私的重要手段。在显示、存储或传输数据时对敏感信息进行处理。今天说说PHP中各种数据脱敏技术的实现。常见的脱敏方式包括掩码、替换和加密。不同场景使用不同的脱敏策略。phpclass DataMasking{// 手机号脱敏保留前3后4public static function maskPhone(string $phone): string{if (strlen($phone) ! 11) return $phone;return substr($phone, 0, 3) . **** . substr($phone, -4);}// 邮箱脱敏保留用户名首字母和域名public static function maskEmail(string $email): string{$parts explode(, $email);if (count($parts) ! 2) return $email;$name $parts[0];$domain $parts[1];$masked substr($name, 0, 1) . str_repeat(*, max(0, strlen($name) - 2)) . substr($name, -1);return $masked . . $domain;}// 身份证号脱敏保留前6后4public static function maskIdCard(string $idCard): string{if (strlen($idCard) 10) return $idCard;return substr($idCard, 0, 6) . ******** . substr($idCard, -4);}// 银行卡号脱敏保留前4后4public static function maskBankCard(string $cardNo): string{if (strlen($cardNo) 8) return $cardNo;return substr($cardNo, 0, 4) . **** **** . substr($cardNo, -4);}// 姓名脱敏显示姓名用星号public static function maskName(string $name): string{if (mb_strlen($name) 1) return $name;$first mb_substr($name, 0, 1);$rest str_repeat(*, mb_strlen($name) - 1);return $first . $rest;}// 地址脱敏保留到市级public static function maskAddress(string $address): string{$parts preg_split(/[省市]/, $address, 3);if (count($parts) 2) {return $parts[0] . 省 . $parts[1] . 市****;}return $address;}// IP地址脱敏public static function maskIp(string $ip): string{$parts explode(., $ip);if (count($parts) ! 4) return $ip;return {$parts[0]}.{$parts[1]}.*.*;}// 密码脱敏全部替换为星号public static function maskPassword(string $password): string{return str_repeat(*, strlen($password));}// 通用脱敏public static function maskGeneric(string $value, int $prefixLen 1, int $suffixLen 1): string{$len mb_strlen($value);if ($len $prefixLen $suffixLen) {return str_repeat(*, $len);}$prefix mb_substr($value, 0, $prefixLen);$suffix mb_substr($value, -$suffixLen);$midLen $len - $prefixLen - $suffixLen;return $prefix . str_repeat(*, $midLen) . $suffix;}}echo DataMasking::maskPhone(13800138000) . \n;echo DataMasking::maskEmail(zhangsanexample.com) . \n;echo DataMasking::maskIdCard(110101199001011234) . \n;echo DataMasking::maskName(张三) . \n;echo DataMasking::maskGeneric(HelloWorld, 2, 2) . \n;?动态脱敏器可以根据用户角色返回不同程度的脱敏数据phpclass DataDesensitizer{private array $rules [];public function addRule(string $field, string $method, array $roles [*]): void{$this-rules[$field] compact(method, roles);}public function desensitize(array $data, string $role user): array{foreach ($this-rules as $field $rule) {if (!isset($data[$field])) continue;if ($rule[roles][0] ! * !in_array($role, $rule[roles])) {continue;}$method [$this, $rule[method]];if (is_callable($method)) {$data[$field] $method($data[$field]);}}return $data;}public function batchDesensitize(array $items, string $role user): array{return array_map(fn($item) $this-desensitize($item, $role), $items);}private function phone(string $value): string{return substr($value, 0, 3) . **** . substr($value, -4);}private function email(string $value): string{$parts explode(, $value);return substr($parts[0], 0, 1) . *** . $parts[1];}private function idCard(string $value): string{return substr($value, 0, 4) . ********** . substr($value, -4);}private function name(string $value): string{return mb_substr($value, 0, 1) . str_repeat(*, mb_strlen($value) - 1);}}$desensitizer new DataDesensitizer();$desensitizer-addRule(phone, phone, [user, admin]);$desensitizer-addRule(email, email, [user, admin]);$desensitizer-addRule(id_card, idCard, [admin]);$desensitizer-addRule(name, name, [user]);$userData [name 张三,phone 13800138000,email zhangsanexample.com,id_card 110101199001011234,];echo 普通用户查看:\n;print_r($desensitizer-desensitize($userData, user));echo \n管理员查看:\n;print_r($desensitizer-desensitize($userData, admin));?数据库层面的脱敏phpclass DatabaseMasking{private PDO $pdo;public function __construct(PDO $pdo){$this-pdo $pdo;}public function maskQuery(string $sql, array $sensitiveFields []): array{$stmt $this-pdo-query($sql);$results $stmt-fetchAll(\PDO::FETCH_ASSOC);if (empty($sensitiveFields)) return $results;return array_map(function ($row) use ($sensitiveFields) {foreach ($sensitiveFields as $field $maskType) {if (isset($row[$field])) {$row[$field] match ($maskType) {phone DataMasking::maskPhone($row[$field]),email DataMasking::maskEmail($row[$field]),name DataMasking::maskName($row[$field]),id_card DataMasking::maskIdCard($row[$field]),default $row[$field],};}}return $row;}, $results);}}?数据脱敏是隐私保护的基础工作。不同的数据需要不同的脱敏方式不同的用户角色看到的信息也不同。在设计API时建议在数据返回层统一处理脱敏逻辑而不是在每个业务代码中分散处理。这样既保证了安全性又便于维护。