How To Generate A Random Alphanumeric String In PHP?

Using random_bytes() Function

The random_bytes() function is a PHP function that generates secure pseudo-random bytes. It's available in PHP 7 and later versions.

To use random_bytes(), you specify the number of bytes you want to generate. Here's the basic syntax:

$bytes = random_bytes($length);

Where $length is the number of bytes you want to generate. The output of random_bytes() is binary data, which isn't suitable for use as an alphanumeric string. To convert it to a usable format, you can use the bin2hex() function:

$random_string = bin2hex(random_bytes(10));

This will generate a 20-character hexadecimal string (each byte becomes two hexadecimal characters).

function custom_random_string($length = 10) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $charactersLength = strlen($characters);
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $characters[ord(random_bytes(1)) % $charactersLength];
    }
    return $randomString;
}

$custom_random = custom_random_string(15);

Using openssl_random_pseudo_bytes() Function

For PHP versions before 7, the openssl_random_pseudo_bytes() function is an alternative for generating secure random bytes.

The basic syntax for openssl_random_pseudo_bytes() is:

$bytes = openssl_random_pseudo_bytes($length);

Like random_bytes(), this function also outputs binary data. You can convert it to a hexadecimal string using bin2hex():

$random_string = bin2hex(openssl_random_pseudo_bytes(10));

The main advantage of both random_bytes() and openssl_random_pseudo_bytes() is that they produce secure random data. This makes them suitable for use in security-sensitive contexts, such as generating tokens for password resets or email verification links.

Creating a Custom Function

To generate a random alphanumeric string with more control over the output, you can create a custom function. Here's a breakdown of a custom function:

1. Define the function and its parameters:

function generateRandomString($length = 10, $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ') {
    // Function body will go here
}

This function takes two parameters: the length of the string and the character set to use. The default length is 10, and the default character set includes numbers and letters.

2. Calculate the length of the character set:

$charactersLength = strlen($characters);

This step is needed for the random selection process.

3. Initialize an empty string to store the result:

$randomString = '';

4. Create a loop to build the random string:

for ($i = 0; $i < $length; $i++) {
    $randomString .= $characters[random_int(0, $charactersLength - 1)];
}

This loop runs for the specified length, adding a random character from the character set to the result string. The random_int() function selects a random index from the character set.

5. Return the generated random string:

return $randomString;

The complete function looks like this:

function generateRandomString($length = 10, $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ') {
    $charactersLength = strlen($characters);
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $characters[random_int(0, $charactersLength - 1)];
    }
    return $randomString;
}

You can use this function to generate random strings of any length and with any character set. For example:

$defaultString = generateRandomString(); // Generates a 10-character alphanumeric string
$longerString = generateRandomString(20); // Generates a 20-character alphanumeric string
$numericString = generateRandomString(8, '0123456789'); // Generates an 8-character numeric string

This custom function provides flexibility while still using secure random number generation, making it useful for various applications that need random string generation.

$passwordFriendlyString = generateRandomString(12, 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789');