Skip to main content

Generating Random String Using PHP

Generate a random, unique, alphanumeric string using PHP. 
Examples:

EA070
aBX32gTf


APPROACH 1: Brute Force The first approach is the simplest one to understand and thus brute force.

It can be achieved as follows:

  •  Store all the possible letters into a string.
  •  Generate random index from 0 to string length-1. 
  •  Print the letter at that index.
  •  Perform this step n times (where n is the length of string required).

$n=10;
function getName($n) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $randomString = ''; 
    for ($i = 0; $i < $n; $i++) {
        $index = rand(0, strlen($characters) - 1);
        $randomString .= $characters[$index];
    } 
    return $randomString;
} 
echo getName($n);

Output: 6aruSzs0qJ

 

APPROACH 2: Using Hashing Functions

PHP has a few functions like md5(), sha1() and hash(), that can be used to hash a string based on certain algorithms like “sha1”, “sha256”, “md5” etc. 
All these function takes a string as an argument and output an Alpha-Numeric hashed string.

To learn more about these functions click here. Once we understand how we utilize these functions, our task becomes pretty simple.

All the functions in this approach are hashing functions, hence the length of the string generated will always depend on the algorithm used, but for an algorithm it will always remain constant. 
So if you want to generate string of a fixed length, you can either truncate the generated string or concatenate with another string, based on the requirement. 

  •  Generate a random number using rand() function.
  •  Hash it using one of the above functions.
$str=rand();
$result = md5($str);
echo $result;

$str=rand();
$result = sha1($str);
echo $result;

$str = rand();
$result = hash("sha256", $str);
echo $result;

Output: 7190bba9f6361764d423317d202402d5
Output: 7898decff6889ba2521bb32259e571be9880da25
Output: 690a4fea15d64168b512ad893f5e44bf13741a5c954f70fb6553e508965ad6f5

 

Approach 3: Using uniqid() function.

The uniqid( ) function in PHP is an inbuilt function which is used to generate a unique ID based on the current time in microseconds (micro time). 
By default, it returns a 13 character long unique string.
rand() and uniqid() functions are not cryptographically secure random generators. 
So it is advised that if the degree of randomness affect the security of an application, these methods should be avoided. 

$result = uniqid();
echo $result;

Output: 6317481fbacc1

Approach 4: Using random_bytes() function. (Cryptographically Secure) 

The random_bytes() function generates cryptographically secure pseudo-random bytes, which can later be converted to hexadecimal format using bin2hex() function.

$n = 20;
$result = bin2hex(random_bytes($n));
echo $result;

Output: 67de19022831ea109df3ab3b483a2c0912005fdc