The need to generate a unique random alphanumeric string of a given length is very common. You may need it for various purpose like creating a random username or a filename. In this article, you will learn about different methods that can be used to generate random alphanumeric string in PHP.<\/p>\n
In this section, we will be using different string functions to create our own random alphanumeric string generator function. Here is the first version of our function that generates a random alphanumeric string.<\/p>\n
PHP<\/p>\n
function random_alphanumeric_string($length) {\n $chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';\n return substr(str_shuffle($chars), 0, $length);\n}\n\n\/\/ Output \u2014 FtUqw9QpC1\necho random_alphanumeric_string(10);\n\n\/\/ Output \u2014 ZIPNz1kKvJ\necho random_alphanumeric_string(10);\n<\/code><\/pre>\nWe begin by creating a $chars<\/code> variable that stores all the characters we will be using to create our random string generator. You could also add other characters like #, $, &, @<\/code> to the mix. After that, we have used the str_shuffle() function in PHP<\/a> to randomly shuffle the alphanumeric string value stored in $chars<\/code>. Finally, we return the first $length<\/code> characters of the shuffled string using the substr() function in PHP<\/a>.<\/p>\nFor simple cases, this solution should be sufficient. However, there are two issues with it in its current form. First, the maximum length of string can only be 62 (10[0-9] + 26[a-z] + 26[A-Z] = 62) characters. Second, the characters inside the generated string will never repeat. We can solve both these issues with the help of str_repeat() function in PHP<\/a> which repeats a string given number of times. Here is the second iteration of our function:<\/p>\nPHP<\/p>\n
function random_alphanumeric_string($length) {\n $chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';\n return substr(str_shuffle(str_repeat($chars, ceil($length\/strlen($chars)) )), 0, $length);\n}\n\n\/\/ Output \u2014 Z4VIz4gvnb0NQ6KHUej1lpCiYVbFdArA2Hw9RdkPyeftFGnaiwDEsPm7JjuLWSxMBDhZ72KT56xIkhqQtrmgGozaM0uf9cX83U15\necho random_alphanumeric_string(100);\n<\/code><\/pre>\nWe divide the length of required random string with the length of the seed string, take its ceiling value and then repeat the seed string calculated number of times. For example, length of $chars<\/code> is 62. If the supplied $length<\/code> value is 100, ceil(100\/62)<\/code> becomes 2. This means that our seed string will be repeated twice making its total length 124. The substr()<\/code> function can then take the first 100 characters after the string has been shuffled.<\/p>\nNow, the characters inside our random string will start repeating once its length becomes more than 62. However, this means that any random alphanumeric character sequence generated by our function with less than or equal to 62 characters will still have unique characters. We can slightly modify our function and specify the number of times the characters may be repeated along with the length of generated string.<\/p>\n
PHP<\/p>\n
function random_alphanumeric_string($length, $repeats) {\n $chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';\n return substr(str_shuffle(str_repeat($chars, $repeats)), 0, $length);\n}\n\n\/\/ Output \u2014 AJ9H8NBKK4\necho random_alphanumeric_string(10, 3);\n\n\/\/ Output \u2014 Wd8YtZcwqT\necho random_alphanumeric_string(10, 3);\n<\/code><\/pre>\nNow, the characters will repeat even if the string length is less than 62. This makes the generated string less predictable. However, you still should not use it cryptographic purposes like generating passwords. This is because str_shuffle()<\/code> uses rand()<\/code> to shuffle the string and rand()<\/code> is the secure cryptography wise.<\/p>\nUsing md5() and sha1() to Generate a Random String<\/h2>\n
The md5() function available in PHP<\/a> can be used to calculate the md5 hash of a given string. For our purposes, we can supply it a random integer using mt_rand()<\/code> or the current timestamp value using time()<\/code>. The hash of the given input is returned as a 32 character hexadecimal number. This means that the maximum length of the returned hash will be 32 characters. We can use the substr() function<\/a> to extract a part of the output as our random string. Here is an example:<\/p>\nPHP<\/p>\n
function random_md5_string($length) {\n return substr(md5(time()), 0, $length);\n}\n\n\/\/ Output \u2014 e4c0c18a8dba\necho random_md5_string(12);\n\n\/\/ Output \u2014 b2ac061a4b0aab170474f28a\necho random_md5_string(24);\n<\/code><\/pre>\nSimilarly, you can also use the sha1()<\/code> function to calculate the sha1 hash of a given string. Just like the previous example, we can supply it with an input value using time()<\/code> or mt_rand()<\/code>. The maximum length of returned hexadecimal string in this case would be 40 characters.<\/p>\nPHP<\/p>\n
function random_sha1_string($length) {\n return substr(sha1(mt_rand()), 0, $length);\n}\n\n\/\/ Output \u2014 52550a827ba2458e7128e2f5a7ccd34d3a7b\necho random_sha1_string(36);\n<\/code><\/pre>\nUsing the random_bytes() Function<\/h2>\n
The methods we have used so far for generating our string are not meant to be used in cryptography based work. In such cases, you can use the random_bytes() function in PHP<\/a> to generate cryptographically secure random bytes. This function is relatively new and only available in PHP 7. Here is an example of a random string generated using the bin2hex()<\/code> and random_bytes()<\/code> functions.<\/p>\nPHP<\/p>\n
function random_string($length) {\n echo substr(bin2hex(random_bytes($length)), 0, $length);\n}\n\n\/\/ Output \u2014 c92b5d7247241d7a8a63\necho random_string(20);\n<\/code><\/pre>\n