BOM——Byte Order Mark, which is the byte order mark
There is a character called "ZERO WIDTH NO-BREAK SPACE" in UCS encoding, and its encoding is FEFF. FFFE is a character that does not exist in UCS, so it should not appear in actual transmission. The UCS specification recommends that we transmit the characters "ZERO WIDTH NO-BREAK SPACE" before transmitting the byte stream. In this way, if the receiver receives FEFF, it indicates that the byte stream is Big-Endian; if it receives FFFE, it indicates that the byte stream is Little-Endian. Therefore the character "ZERO WIDTH NO-BREAK SPACE" is also called BOM.
UTF-8 does not require a BOM to indicate the byte order, but can use the BOM to indicate the encoding method. The UTF-8 encoding of the character "ZERO WIDTH NO-BREAK SPACE" is EF BB BF. So if the receiver receives a byte stream starting with EF BB BF, it knows that it is UTF-8 encoded.
In UTF-8 encoded files, the BOM occupies three bytes. If you use Notepad to save a text file as UTF-8 encoding, open the file with UE and switch to the hexadecimal editing state, you can see the FFFE at the beginning. This is a good way to identify UTF-8 encoded files. The software uses BOM to identify whether the file is UTF-8 encoded. Many software also require that the read file must have BOM. However, there are still many softwares that cannot recognize BOM.
In early versions of Firefox, extensions could not have BOM, but versions after Firefox 1.5 have begun to support BOM. Now I discovered that PHP does not support BOM either. PHP did not consider the BOM issue when it was designed, which means that it will not ignore the three characters of the BOM at the beginning of the UTF-8 encoded file.
Since it must be seen in Bo-Blog's wiki, Bo-Blog, which also uses PHP, is also troubled by BOM. Another trouble was mentioned: "Limited by the COOKIE sending mechanism, in files that already have a BOM at the beginning of these files, the COOKIE cannot be sent (because PHP has already sent the file header before the COOKIE is sent), so the login and logout functions Invalid. All functions that rely on COOKIE and SESSION are invalid. "This should be the reason why a blank page appears in the WordPress background, because any executed file contains a BOM, and these three characters will be sent, resulting in dependence on cookies and The session function is invalid.
The solution is, if it only contains English characters (or characters in ASCII encoding), just save the file in ASCII code. If you use an editor such as UE, click File->Convert->UTF-8 to ASCII, or select ASCII encoding in Save As. If it is a line ending in DOS format, you can open it with Notepad, click Save As, and select ASCII encoding. If it contains Chinese characters, you can use UE's save as function and select "UTF-8 without BOM".
BOM should not be added to utf-8. It has no use except letting the editor know that it is utf-8. In fact, the editor is fully capable of judging the encoding of a file based on characteristics among not too many encoding formats. Even if it cannot be automatically recognized, the editor should have a place to set the encoding. So I think BOM is redundant for utf-8.
Utf-16 only needs to add BOM. Because it is encoded in unicode order, it is two bytes in the BMP range, and it needs to be identified as big or little endian.
Actually, I think it is too stupid to introduce the concept of big and small endianness in utf-8. I don’t know what those standards committees think. The significance of the existence of big and small endianness lies in the processing method of the CPU. If the CPU processes big endian, then for little endian, a layer of conversion must be performed, which brings about a decrease in efficiency. But in practical applications, who cares about endianness? Text encoding gives rise to the concept of byte order. It can only be said that those who formulate standards are too rigid. For UTF-16, I think as long as the whole world follows a byte ordering method, there is no need to use BOM to mark it.
Having said that, PHP does not support UTF-16 encoded files. Because the $ symbol, for example, is also two bytes in UTF-8 and cannot be parsed by the PHP decoder. I don’t know if PHP6 will support this after the concept of unicode is introduced in internal processing.
Encoding problem is something that sounds simple but is actually very complicated. Many programs have the concept of hierarchical coding. Like MySQL, it is divided into concepts such as client->connection->storage and storage->connection->result. Storage is divided into system, database, table, and column. I sometimes think, is it necessary to make it so complicated, TNND. Like MySQL, who uses its features? Unless the two clients are allowed to operate in different encoding environments, there is no need to separate the client encoding. In most cases, just binary in/binary out
The above introduces the difference between utf-8 and utf-8 without BOM, including the relevant content. I hope it will be helpful to friends who are interested in PHP tutorials.
How can you protect against Cross-Site Scripting (XSS) attacks related to sessions?Apr 23, 2025 am 12:16 AMTo protect the application from session-related XSS attacks, the following measures are required: 1. Set the HttpOnly and Secure flags to protect the session cookies. 2. Export codes for all user inputs. 3. Implement content security policy (CSP) to limit script sources. Through these policies, session-related XSS attacks can be effectively protected and user data can be ensured.
How can you optimize PHP session performance?Apr 23, 2025 am 12:13 AMMethods to optimize PHP session performance include: 1. Delay session start, 2. Use database to store sessions, 3. Compress session data, 4. Manage session life cycle, and 5. Implement session sharing. These strategies can significantly improve the efficiency of applications in high concurrency environments.
What is the session.gc_maxlifetime configuration setting?Apr 23, 2025 am 12:10 AMThesession.gc_maxlifetimesettinginPHPdeterminesthelifespanofsessiondata,setinseconds.1)It'sconfiguredinphp.iniorviaini_set().2)Abalanceisneededtoavoidperformanceissuesandunexpectedlogouts.3)PHP'sgarbagecollectionisprobabilistic,influencedbygc_probabi
How do you configure the session name in PHP?Apr 23, 2025 am 12:08 AMIn PHP, you can use the session_name() function to configure the session name. The specific steps are as follows: 1. Use the session_name() function to set the session name, such as session_name("my_session"). 2. After setting the session name, call session_start() to start the session. Configuring session names can avoid session data conflicts between multiple applications and enhance security, but pay attention to the uniqueness, security, length and setting timing of session names.
How often should you regenerate session IDs?Apr 23, 2025 am 12:03 AMThe session ID should be regenerated regularly at login, before sensitive operations, and every 30 minutes. 1. Regenerate the session ID when logging in to prevent session fixed attacks. 2. Regenerate before sensitive operations to improve safety. 3. Regular regeneration reduces long-term utilization risks, but the user experience needs to be weighed.
How do you set the session cookie parameters in PHP?Apr 22, 2025 pm 05:33 PMSetting session cookie parameters in PHP can be achieved through the session_set_cookie_params() function. 1) Use this function to set parameters, such as expiration time, path, domain name, security flag, etc.; 2) Call session_start() to make the parameters take effect; 3) Dynamically adjust parameters according to needs, such as user login status; 4) Pay attention to setting secure and httponly flags to improve security.
What is the main purpose of using sessions in PHP?Apr 22, 2025 pm 05:25 PMThe main purpose of using sessions in PHP is to maintain the status of the user between different pages. 1) The session is started through the session_start() function, creating a unique session ID and storing it in the user cookie. 2) Session data is saved on the server, allowing data to be passed between different requests, such as login status and shopping cart content.
How can you share sessions across subdomains?Apr 22, 2025 pm 05:21 PMHow to share a session between subdomains? Implemented by setting session cookies for common domain names. 1. Set the domain of the session cookie to .example.com on the server side. 2. Choose the appropriate session storage method, such as memory, database or distributed cache. 3. Pass the session ID through cookies, and the server retrieves and updates the session data based on the ID.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
SublimeText3 English version
Recommended: Win version, supports code prompts!
WebStorm Mac version
Useful JavaScript development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
SublimeText3 Linux new version
SublimeText3 Linux latest version
