current community

your communities

more stack exchange communities

company blog
Stack Exchange Inbox Reputation and Badges
tour help
Dismiss
Announcing Stack Overflow Documentation

We started with Q&A. Technical documentation is next, and we need your help.

Whether you're a beginner or an experienced developer, you can contribute.

Sign up and start helping → Learn more about Documentation →
up vote 426 down vote favorite
143

I'm trying to create a randomized string in PHP, and I get absolutely no output with this:

<?php
function RandomString()
{
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $randstring = '';
    for ($i = 0; $i < 10; $i++) {
        $randstring = $characters[rand(0, strlen($characters))];
    }
    return $randstring;
}
RandomString();
echo $randstring;

What am I doing wrong?

share|improve this question
122  
My one line solution for generate short string is substr(md5(rand()), 0, 7); good luck ... – tasmaniski Jun 21 '12 at 14:46
1  
@tasmaniski.. Your solution is ok.. But its less randomized! In your example the number of random strings that can be generated is limited by the size of integer. ( 2^32 ) at the max.. In case of the other solution, you can generate ( 62^8 ).. In case, I want larger strings, then number of distinct strings remain at max 2^32, but in the other solution it increases to ( 62^n ).. – Manu Dec 23 '13 at 8:12
    
@tasmaniski: printf("%08x", rand()); :) – S.Pinkus Apr 3 '14 at 6:40
3  
You forgot to add each new generated character to the string. You're just overwriting it as it is. Should be $randstring .= $characters.. – Spock Apr 25 '14 at 9:28
1  
@CaptainLightning Can you please swap out the accepted answer for one of the more secure ones? :) – Scott Arciszewski Dec 8 '15 at 6:29

37 Answers 37

1 2
up vote 758 down vote accepted

To answer this question specifically, two problems:

  1. $randstring is not in scope when you echo it.
  2. The characters are not getting concatenated together in the loop.

Here's a code snippet with the corrections:

function generateRandomString($length = 10) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $charactersLength = strlen($characters);
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $characters[rand(0, $charactersLength - 1)];
    }
    return $randomString;
}

Output the random string with the call below:

// Echo the random string.
// Optionally, you can give it a desired string length.
echo generateRandomString();

Please note that this generates predictable random strings. If you want to create secure tokens, see this answer.

share|improve this answer
2  
Why wasting that extra variable, $i? Just do for ($randomString = ''; strlen($STR) < 50;) $randomString .= $characters[rand(0, strlen($characters) - 1)]; instead of your loop, or simplified, for ($STR = ''; strlen($STR) < 50;) $STR .= $CHR[rand(0, strlen($CHR) - 1)]; – Francisco Presencia May 25 '13 at 4:22
20  
@FranciscoPresencia, It's better "wasting" an extra variable as of calling an method in the compare condition of an loop. – Rico Sonntag Aug 16 '13 at 8:58
89  
All that work, why not just something like substr(str_shuffle(MD5(microtime())), 0, 10);? – SpYk3HH Apr 9 '14 at 13:06
3  
@FranciscoPresencia do you have any idea how horrifically inefficient that is? You are checking the length of a string twice per iteration! The strlen inside the loop should be cached in a variable before entering the loop as well. – developerbmw Nov 29 '14 at 6:51
4  
This is not a good solution. The strings this generates will be predictable. :( – Scott Arciszewski Jun 29 '15 at 3:45
up vote 256 down vote

Note: str_shuffle() internally uses rand(), which is unsuitable for cryptography purposes (e.g. generating random passwords). You want a secure random number generator instead. It also doesn't allow characters to repeat.

One more way.

UPDATED (now this generates any length of string):

function generateRandomString($length = 10) {
    return substr(str_shuffle(str_repeat($x='0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', ceil($length/strlen($x)) )),1,$length);
}

echo  generateRandomString();  // OR: generateRandomString(24)

That's it. :)

share|improve this answer
50  
+1 for the shortest answer :). But not the best answer for every use-case. This code will output strings where each character won't appear more than once (thus making it weaker for brute force attacks) and won't output anything longer than 62 characters. – David Dec 5 '12 at 9:55
14  
Do not do this, it is extremely weak. The longer you make your random string, the weaker it will be. – Abhi Beckert Feb 13 '13 at 21:38
15  
Weak it may be, but it's quick and easy. Depending on the use-case, this is fine -- I've used it because I didn't need security or strength; just a quick-fire shuffle. I'm writing a unit test, and this gives me a suitably random input to test with. – SDC Mar 12 '13 at 13:44
19  
@FranciscoPresencia the reason it is not secure is because it never uses the same character twice. That makes it a terrible password generator. Please everyone stop up voting this, it is totally insecure must never be used. As the password gets longer, the number of characters you must test in a brute force gets shorter because you do not bother testing any previously used character. – Abhi Beckert Aug 9 '13 at 19:33
2  
@FranciscoPresencia: I support your comments about avoiding using this for random passwords. However, I disagree that this answer should not be plus-one'd. I have plus-one'd this option for since it is an effective one-line solution for generating random strings (the original topic of this question). – bwright Dec 6 '13 at 17:11
up vote 96 down vote

There are a lot of answers to this question, but none of them leverage a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG).

The simple, secure, and correct answer is to use RandomLib and don't reinvent the wheel.

For those of you who insist on inventing your own solution, PHP 7.0.0 will provide random_int() for this purpose; if you're still on PHP 5.x, we wrote a PHP 5 polyfill for random_int() so you can use the new API even before you upgrade to PHP 7.

Safely generating random integers in PHP isn't a trivial task. You should always check with your resident StackExchange cryptography experts before you deploy a home-grown algorithm in production.

With a secure integer generator in place, generating a random string with a CSPRNG is a walk in the park.

Creating a Secure, Random String

/**
 * Generate a random string, using a cryptographically secure 
 * pseudorandom number generator (random_int)
 * 
 * For PHP 7, random_int is a PHP core function
 * For PHP 5.x, depends on https://github.com/paragonie/random_compat
 * 
 * @param int $length      How many characters do we want?
 * @param string $keyspace A string of all possible characters
 *                         to select from
 * @return string
 */
function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ')
{
    $str = '';
    $max = mb_strlen($keyspace, '8bit') - 1;
    for ($i = 0; $i < $length; ++$i) {
        $str .= $keyspace[random_int(0, $max)];
    }
    return $str;
}

Usage:

$a = random_str(32);
$b = random_str(8, 'abcdefghijklmnopqrstuvwxyz');

Demo: https://3v4l.org/KKlc3 (Ignore the PHP 5 failures; it needs random_compat)

share|improve this answer
up vote 45 down vote

@tasmaniski: your answer worked for me. I had the same problem, and I would suggest it for those who are ever looking for the same answer. Here it is from tasmaniski:

<?php 
    $random = substr( md5(rand()), 0, 7);
    echo $random;
?>
share|improve this answer
2  
if your string is based on only a random integer, why not just use the random integer? they haystack doesnt get any deeper by hashing it... and by cutting the hash of you actually deminish the little entropy you had to start with. – The Surrican Sep 13 '14 at 14:23
4  
Keep in mind md5 will result in a 30 character limit and always lowercase characters. – fyrye Nov 3 '14 at 15:12
2  
Additionally, rand() shouldn't be used for cryptography. If you're looking to generate a crypographically sound string, use openssl_random_pseudo_bytes. – mattkgross Feb 23 '15 at 4:44
    
md5(rand()) only offers 2^32 possible values. This means after, on average, 2^16 random strings you will expect one to repeat. – Scott Arciszewski Jun 29 '15 at 3:45
up vote 34 down vote

Creates a 20 char long hexdec string:

$string = bin2hex(openssl_random_pseudo_bytes(10));

In PHP 7 (random_bytes()):

$string = base64_encode(random_bytes(10)); // about 14 chars
// or
$string = bin2hex(random_bytes(10)); // 20 chars
share|improve this answer
1  
Best one-liner ever! :) – tftd Sep 14 '15 at 0:53
    
Please note that openssl_random_pseudo_bytes() did not use a cryptographically strong algorithm until php 5.6. Related bug: bugs.php.net/bug.php?id=70014 – acidtv Aug 8 at 15:30
up vote 30 down vote

Depending on your application (I wanted to generate passwords), you could use

$string = base64_encode(openssl_random_pseudo_bytes(30));

Being base64, they may contain = or - as well as the requested characters. You could generate a longer string, then filter and trim it to remove those.

openssl_random_pseudo_bytes seems to be the recommended way way to generate a proper random number in php. Why rand doesn't use /dev/random I don't know.

share|improve this answer
1  
rand doesn't use /dev/urandom because that is only available in posix like environments and is not portable. – MacroMan Mar 25 '14 at 9:22
3  
@MacroMan But openssl_random_pseudo_bytes() is portable. – Ja͢ck Jul 29 '14 at 5:29
    
If you want to strip out the extra base64 characters, try this: gist.github.com/zyphlar/7217f566fc83a9633959 – willbradley Dec 20 '14 at 22:38
1  
This isn't wrong, but I would advise caution in how you discard the unwanted characters. See this pull request on the PHP league's OAuth2 Server, for example. – Scott Arciszewski Jul 6 '15 at 6:11
    
This is one of the best answers. Pity it doesn't have more support. I would recommend editing your answer for better handling of unwanted characters though. – jcuenod Aug 4 at 18:32
up vote 17 down vote

$randstring in the function scope is not the same as the scope where you call it. You have to assign the return value to a variable.

$randstring = RandomString();
echo $randstring;

Or just directly echo the return value:

echo RandomString();

Also, in your function you have a little mistake. Within the for loop, you need to use .= so each character gets appended to the string. By using = you are overwriting it with each new character instead of appending.

$randstring .= $characters[rand(0, strlen($characters))];
share|improve this answer
up vote 17 down vote 
function generateRandomString($length = 15)
{
    return substr(sha1(rand()), 0, $length);
}

Tada!

share|improve this answer
    
Keep in mind sha1 will result in a 40 character limit and always lowercase characters. – fyrye Nov 3 '14 at 15:11
3  
sha1 strings are not random, certain characters will occur more frequently than others. It would be unwise to use this in cases where you genuinely want randomness like for passwords. – Kit Sunde Nov 11 '14 at 12:55
    
@KitSunde - yes, sha isn't random, rand() is random. And sha is perfectly fine for what is needed here. OP doesn't need crypto level of randomness. – Davor Oct 9 '15 at 12:52
    
@Davor rant() being random doesn't matter when sha isn't evenly distributed. If you randomly select from an uneven distribution you get the exact same uneven distribution. It's not "crypto level" randomness I'm highlighting, if that was the case you shouldn't be using rand() either. It takes minimal effort to pluck from an even distribution like in the accepted answer and it's as random as rand() is which is reasonably so. – Kit Sunde Oct 9 '15 at 14:57
    
@KitSunde - it makes literally no difference in the end. That's exactly the definition of overengineering and gold plating. – Davor Oct 9 '15 at 17:06
up vote 17 down vote

A better way to implement this function is:

function RandomString($length) {
    $keys = array_merge(range(0,9), range('a', 'z'));

    for($i=0; $i < $length; $i++) {
        $key .= $keys[mt_rand(0, count($keys) - 1)];
    }
    return $key;
}

echo RandomString(20);

mt_rand is more random according to this and this

share|improve this answer
up vote 16 down vote

I know this may be a bit late to the game, but here is a simple one-liner that generates a true random string without any script level looping or use of openssl libraries.

echo substr(str_shuffle(str_repeat('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', mt_rand(1,10))),1,10);

To break it down so the parameters are clear

// Character List to Pick from
$chrList = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

// Minimum/Maximum times to repeat character List to seed from
$chrRepeatMin = 1; // Minimum times to repeat the seed string
$chrRepeatMax = 10; // Maximum times to repeat the seed string

// Length of Random String returned
$chrRandomLength = 10;

// The ONE LINE random command with the above variables.
echo substr(str_shuffle(str_repeat($chrList, mt_rand($chrRepeatMin,$chrRepeatMax))),1,$chrRandomLength);

This method works by randomly repeating the character list, then shuffles the combined string, and returns the number of characters specified.

You can further randomize this, by randomizing the length of the returned string, replacing $chrRandomLength with mt_rand(8, 15) (for a random string between 8 and 15 characters).

share|improve this answer
    
sorry to say but when one character gots selected its probability of occuring again is not as high as the other characters still remaining in the pool. no true randomness here... – The Surrican Sep 13 '14 at 14:16
    
@TheSurrican - You would be incorrect in that statement. All characters have an equal probability using this algorithm, and thus is truly random. This is ensured by repeating the chrList string $chrRepeatMax, and the magic really happens in str_shuffle which determines the randomness. – Samuel Jackson Apr 16 '15 at 8:56
    
All chars would appear only once and it is very prone to bruteforce guess – venimus Jul 20 '15 at 9:28
    
@venimus Thats incorrect. The char string is duplicated for as many characters as you want (see $chrRepeatMax and $chrRepeatMin ) -- so a 10 char string , could (unlikely, but possible), be "aaaaaaaaaa". – Samuel Jackson Aug 3 '15 at 14:26
    
@SanuelJackson Sorry I miss-commented. I've put the comment on the wrong answer. You are right! I actually used your "trick", but didn't use mt_rand, because it is useless IMHO. It does not add to the entropy. Just used const with the max-length. – venimus Aug 4 '15 at 13:06
up vote 12 down vote

First, you define the alphabet you want to use:

$alphanum = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
$special  = '~!@#$%^&*(){}[],./?';
$alphabet = $alphanum . $special;

Then, use openssl_random_pseudo_bytes() to generate proper random data:

$len = 12; // length of password
$random = openssl_random_pseudo_bytes($len);

Finally, you use this random data to create the password. Because each character in $random can be chr(0) until chr(255), the code uses the remainder after division of its ordinal value with $alphabet_length to make sure only characters from the alphabet are picked (note that doing so biases the randomness):

$alphabet_length = strlen($alphabet);
$password = '';
for ($i = 0; $i < $len; ++$i) {
    $password .= $alphabet[ord($random[$i]) % $alphabet_length];
}

Alternatively, and generally better, is to use RandomLib and SecurityLib:

use SecurityLib\Strength;

$factory = new RandomLib\Factory;
$generator = $factory->getGenerator(new Strength(Strength::MEDIUM));

$password = $generator->generateString(12, $alphabet);
share|improve this answer
    
The use of the modulo operator % will produce biased output. However, strong +1 for RandomLib. Don't reinvent the wheel. – Scott Arciszewski Jun 29 '15 at 3:47
1  
Yeah, the new random_int() function is nice :D – Ja͢ck Jun 29 '15 at 4:02
up vote 6 down vote 
function rndStr($len = 64) {
     $randomData = file_get_contents('/dev/urandom', false, null, 0, $len) . uniqid(mt_rand(), true);
     $str = substr(str_replace(array('/','=','+'),'', base64_encode($randomData)),0,$len);
    return $str;
}
share|improve this answer
3  
This is not portable; if you try to run this in any non-posix environment, it will cause a fatal error. – Bryan Agee Feb 11 '14 at 17:58
up vote 3 down vote

The edited version of the function works fine, just one issue I found: You used the wrong character to enclose $characters, so the ’ character is sometimes part of the random string that is generated.

To fix this, change:

$characters = ’0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ’;

to:

$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

This way only the enclosed characters are used, and the ’ character will never be a part of the random string that is generated.

share|improve this answer
up vote 3 down vote

One very quick way is to do something like:

substr(md5(rand()),0,10);

This will generate a random string with the length of 10 chars. Of course, some might say it's a bit more heavy on the computational side, but nowadays processors are optimized to run md5 or sha256 algorithm very quickly. And of course, if the rand() function returns the same value, the result will be the same, having a 1 / 32767 chance of being the same. If security's the issue, then just change rand() to mt_rand()

share|improve this answer
    
that just hurts... – The Surrican Sep 13 '14 at 14:27
up vote 3 down vote

Another one-liner, which generates a random string of 10 chars with letters and numbers. It will create an array with range (adjust the second parameter to set the size), loops over this array and assigns a random ascii-char (range 0-9 or a-z), then implodes the array to get a string.

$str = implode('', array_map(function () { return chr(rand(0, 1) ? rand(48, 57) : rand(97, 122)); }, range(0, 9)));

Note: only works in PHP 5.3+

share|improve this answer
    
finally a truly random solution not some bloated hash of a 32 bit random integer or a shuffled string... – The Surrican Sep 13 '14 at 14:15
    
theres just one issue: numbers are as likely to occur as characters, which is not as random as i would love to have it. anyaway +1 for the best solution on this page. tweak that and its perfect. – The Surrican Sep 14 '14 at 1:19
    
tweak... like this? rand(0, 57-48+122-97)<57-48?...:... ? :) – vp_arth Jan 12 '15 at 12:23
up vote 3 down vote

Helper function from Laravel 5 framework

/**
 * Generate a "random" alpha-numeric string.
 *
 * Should not be considered sufficient for cryptography, etc.
 *
 * @param  int  $length
 * @return string
 */
function str_random($length = 16)
{
    $pool = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

    return substr(str_shuffle(str_repeat($pool, $length)), 0, $length);
}
share|improve this answer
2  
"Should not be considered sufficient for cryptography, etc." This should be strongly emphasized. – Scott Arciszewski Jun 29 '15 at 3:52
up vote 2 down vote

I liked the last comment which used openssl_random_pseudo_bytes, but it wasn't a solution for me as I still had to remove the characters I didn't want, and I wasn't able to get a set length string. Here is my solution...

function rndStr($len = 20) {
    $rnd='';
    for($i=0;$i<$len;$i++) {
        do {
            $byte = openssl_random_pseudo_bytes(1);
            $asc = chr(base_convert(substr(bin2hex($byte),0,2),16,10));
        } while(!ctype_alnum($asc));
        $rnd .= $asc;
    }
    return $rnd;
}
share|improve this answer
up vote 2 down vote

one line.
fast for huge strings with some uniqueness.

function random_string($length){
    return substr(str_repeat(md5(rand()), ceil($length/32)), 0, $length);
}
share|improve this answer
    
md5(rand()) is a horrendously insecure way to generate a random number. – Scott Arciszewski Jun 29 '15 at 3:42
1  
a string with X length and some uniqueness is the intent. true randomness is not the intent. – Jacob Smith Jul 10 '15 at 0:02
up vote 2 down vote

This one was taken from adminer sources:

/** Get a random string
* @return string 32 hexadecimal characters
*/
function rand_string() {
    return md5(uniqid(mt_rand(), true));
}

Adminer, database management tool written in PHP.

share|improve this answer
up vote 1 down vote 
function randomString() {
       return md5(rand(100, 200));
}
share|improve this answer
1  
This is only partly random, since you are limiting it to 100 unique combinations. Additionally, md5 will always return a string with 32 characters length. Good for general usage, but not if you need a huge amount of truly unique strings. See my answer for an example with better randomness using the current time, md5() and base64_decode(). – hasMobi - Android Apps Sep 4 '13 at 10:43
up vote 1 down vote

Another way to generate a random string in PHP is:

function RandomString($length) {
    $original_string = array_merge(range(0,9), range('a','z'), range('A', 'Z'));
    $original_string = implode("", $original_string);
    return substr(str_shuffle($original_string), 0, $length);
}
echo RandomString(6);
share|improve this answer
up vote 1 down vote

Here is how I am doing it to get a true unique random key:

$Length = 10;
$RandomString = substr(str_shuffle(md5(time())), 0, $Length);
echo $RandomString;

You can use time() since it is a Unix timestamp and is always unique compared to other random mentioned above. You can then generate the md5sum of that and take the desired length you need from the generated MD5 string. In this case I am using 10 characters, and I could use a longer string if I would want to make it more unique.

I hope this helps.

share|improve this answer
2  
Of course, time() is far from unique: it'll return the same value again and again until current second ends. What really provides some randomness here is str_shuffle()—the rest of the code only reduces the sample to pick chars from. – Álvaro González Apr 21 '14 at 16:03
1  
so what you are basically doing is shuffling around a 32 bit integer. not a lot of entropy here... – The Surrican Sep 13 '14 at 14:15
2  
An attacker can guess the value returned by time() (it's only a timestamp), it's a weak source of randomness. – A.L Nov 28 '14 at 14:04
up vote 1 down vote

There is a simple code:

echo implode("",array_map(create_function('$s','return substr($s,mt_rand(0,strlen($s)),1);'),array_fill(0,16,"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")));

There is simple guide:

  • To change the length of string, please change the 16 to another value, only.
  • To to select from different characters, please change the character string.
share|improve this answer
up vote 0 down vote 
<?php
    /**
     * Creates a random string
     *
     * @param (int) $length
     *   Length in characters
     * @param (array) $ranges
     *   (optional) Array of ranges to be used
     *
     * @return
     * Random string
    */
    function random_string($length, $ranges = array('0-9', 'a-z', 'A-Z')) {
        foreach ($ranges as $r) $s .= implode(range(array_shift($r = explode('-', $r)), $r[1]));
        while (strlen($s) < $length) $s .= $s;
        return substr(str_shuffle($s), 0, $length);
    }

    // Examples:
    $l = 100;
    echo '<b>Default:</b> ' . random_string($l) . '<br />';
    echo '<b>Lower Case only:</b> ' . random_string($l, array('a-z')) . '<br />';
    echo '<b>HEX only:</b> ' . random_string($l, array('0-9', 'A-F')) . '<br />';
    echo '<b>BIN only:</b> ' . random_string($l, array('0-1')) . '<br />';

/* End of file */
share|improve this answer
    
if you want to be using proper PHP, replace the first line of the function with foreach ($ranges as $r) $s .= implode('', range(array_shift($r = explode('-', $r)), $r[1])); – Geo Nov 14 '12 at 18:59
up vote 0 down vote 
function getRandomString($length) {
  $salt = array_merge(range('a', 'z'), range(0, 9));
  $maxIndex = count($salt) - 1;

  $result = '';
  for ($i = 0; $i < $length; $i++) {
    $index = mt_rand(0, $maxIndex);
    $result .= $salt[$index];
  }
  return $result
}
share|improve this answer
up vote 0 down vote

Source: PHP Function that Generates Random Characters

This PHP function worked for me:

function cvf_ps_generate_random_code($length=10) {

   $string = '';
   // You can define your own characters here.
   $characters = "23456789ABCDEFHJKLMNPRTVWXYZabcdefghijklmnopqrstuvwxyz";

   for ($p = 0; $p < $length; $p++) {
       $string .= $characters[mt_rand(0, strlen($characters)-1)];
   }

   return $string;

}

Usage: 

echo cvf_ps_generate_random_code(5);
share|improve this answer
up vote 0 down vote

The following function generates pseudo string of any length. 

/**
 * Returns random string of a given length.
 */
function get_random_string($length) {
  $pull = [];
  while (count($pull) < $length) {
    $pull = array_merge($pull, range(0, 9), range('a', 'z'), range('A', 'Z'));
  }
  shuffle($pull);
  return substr(implode($pull), 0, $length);
}
share|improve this answer
up vote -1 down vote 
function randomName($length = 8) {
  $values = array_merge(range(65, 90), range(97, 122), range(48, 57));
  $max = count($values) - 1;
  $str = chr(mt_rand(97, 122));
  for ($i = 1; $i < $length; $i++) {
    $str .= chr($values[mt_rand(0, $max)]);
  }
  return $str;
}
share|improve this answer
up vote -1 down vote

If you are using this random string in a place where a user might see it or use it (eg as a password generator, you might want to limit the set of characters used to exclude vowels. That way you will not accidentally generate bad words and offend someone. Don't laugh it happens.

share|improve this answer
1  
Also, I would add that you shouldn't include visually similar characters, e.g. 1=>l (lowercase L), 0 (digit)=>O (letter). These can be confusing to the user since they look similar at first glance, so only stick to the distinct ones. – hasMobi - Android Apps Sep 4 '13 at 10:45
up vote -1 down vote

try this:

function generate_name ($length = LENGTH_IMG_PATH) {
    $image_name = "";
    $possible = "0123456789abcdefghijklmnopqrstuvwxyz";

    $i = 0;

    while ($i < $length) {

        $char = substr($possible, mt_rand(0, strlen($possible)-1), 1);

        if (!strstr($image_name, $char)) {
            $image_name .= $char;
            $i++;               
        }              
    }            
    return $image_name;
}
share|improve this answer
1 2

protected by animuson Jul 17 '13 at 22:51

Thank you for your interest in this question. Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).

Would you like to answer one of these unanswered questions instead?

Not the answer you're looking for? Browse other questions tagged or ask your own question.