One concept that needs a little bit of explanation is seeds. Put simply, these are just numbers that can be used to initialize the rand() and mt_rand() functions before generating any random numbers. The function which seeds rand() is called srand($seed), and the function which seeds mt_rand() is called mt_srand($seed, $mode). It's important to remember that providing an initial seed value every single time before calling rand() and mt_rand() won't necessarily produce better random numbers. In fact, using the same seed each time will give you the same random number as well! Seeding a random number is useful in situations where you want to generate a random but reproducible sequence. The following code snippet generates the same sequence of random numbers when run twice. Generating reproducible random sequences this way can help debug programs which were being tested using random data—if you keep track of the seed, you can reproduce the same input to figure out what went wrong. ## Generating Random Alphanumeric Strings in PHP There are many ways to generate random alphanumeric strings, and what you use will depend on your needs. ### Generate a Unique ID If you simply want to generate a unique string and it does not have to be cryptographically secure, then consider using the uniqid() function. It returns a unique identifier based on the current timestamp. The function also accepts two parameters to add a prefix or increase the entropy of the generated string. Here are some of its examples: ### Generate Shuffled Strings If you want to generate random alphanumeric strings from a fixed set of characters, you can use the str_shuffle($string) function. This function will provide you a randomly shuffled string. Starting from PHP 7.1, the algorithm which determines the random order of characters in the output string has been changed to the Mersenne Twister.

Remember that the random string generated this way is not cryptographically secure. However, the string will still be pretty unpredictable for common use like generating random file names or URLs. Here are a few examples:

Your output will most probably be different in both cases. In the first case, we just shuffled the permitted characters string and then took the first 10 characters of it. In the second case, we added "video" at the beginning of the generated string and ".mp4" at the end.

This method of generating random alphanumeric strings is very easy, but it has a couple of issues. For example, you will never get the same characters in your random string twice. Also, the length of the random output string can only be as long as the input string.

### Generate Random Strings

If the problems I listed above are a deal breaker, you might want to look at some other implementations. The following code will solve both these problems.

You can modify it to add particular suffixes and prefixes to the generated random string. People who are using PHP 7 can improve the string generation further by using the cryptographically secure function random_int() instead of mt_rand().

If you want to generate random hexadecimal strings in PHP, you can also use either the md5($string,$raw_output) or the sha1($string,$raw_output) function. Both of them will generate hashes of a given input string.

You will keep getting unique hashes as long as the input is unique. This could be achieved by using the output of a function like time() as the input. By default, md5() will return a 32-character hexadecimal string, and sha1() will return a 40-character hexadecimal string. These can be trimmed to a specific length using the substr() function.

Here is an example of the output returned by these functions:

As you can see, generating random and unique hexadecimal strings up to 40 characters long is very easy in PHP.

### Generate Cryptographically Secure Random Strings

The three functions to generate random alphanumeric strings that we have discussed so far are not cryptographically secure. Luckily, PHP also has a function called random_bytes($length) to generate cryptographically secure pseudo-random bytes. The $length parameter determines how long the output string should be.

Once you have the output in terms of random bytes, you can use the bin2hex() function to convert them to hexadecimal values. This will double the length of the string.

Another function that you can use to generate cryptographically secure random bytes is openssl_random_pseudo_bytes($length, &$crypto_strong). The value of the second parameter can be used to determine if the output string will be generated using a cryptographically secure algorithm or not.

In the above examples, using the bin2hex() function gives us the final value as a hexadecimal string. If for some reason, you want a cryptographically secure random alphanumeric string that utilizes all characters from a to z, you should consider using the following function.

The secure_random_string() function we wrote above accepts a single parameter that determines the length of the string we would like it to return. We run a for loop that generates a random integer in the range 0 to 36. After that, we convert our number from base 10 to base 36 using the base_convert() function. The resulting character could be anything from digits 0 to 9 and characters a to z. We append it at the end of our random string. In the end, we return our full string.

## Final Thoughts

In this tutorial, we looked at the generation of random numbers and alphanumeric strings in PHP. Generating random numbers can be useful in a variety of situations, like in games where you have to spawn enemy players or randomly give users some clues about letters so they can form a whole word.

Just like random numbers, the generation of random alphanumeric strings can also be pretty helpful in many circumstances. With the help of str_shuffle(), you can choose which set of characters appear in your random strings. With sha1() and md5(), you can easily generate random hexadecimal sequences, and with random_bytes() you can generate cryptographically secure strings. This will allow you to generate meaningful yet randomized filenames and usernames that are hard to guess.

I hope you enjoyed this tutorial. If you have any questions, feel free to ask them in the comments.