Home Whiteboard Practice Code Graphing Calculator Online Compilers Articles Tools
Tutorials Courses Jobs

How to Generate a Random, Unique, Alphanumeric String in PHP

PHP Server Side Programming Programming

Generating random, unique, alphanumeric strings in PHP is a common requirement for creating secure tokens, session IDs, passwords, or unique identifiers. PHP offers several builtin functions to accomplish this task with different levels of security and customization.

Method 1 Using str_shuffle() Function

The str_shuffle() function randomly shuffles all characters in a string. This method allows full control over the character set used ?

<?php
function generateRandomString($length = 10) {
   $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
   $randomString = substr(str_shuffle($characters), 0, $length);
   
   return $randomString;
}

// Generate a random string of length 8
$randomString = generateRandomString(8);
echo $randomString . "<br>";

// Generate a random string of length 12
$randomString = generateRandomString(12);
echo $randomString;
?>

lEXq1dNm
koSCdUgDpbLJ

Method 2 Using md5() Function

The md5() function creates a 32character hexadecimal hash from a unique identifier. This method produces lowercase alphanumeric strings ?

<?php
function generateRandomString($length = 10) {
   $randomString = md5(uniqid(rand(), true));
   $randomString = substr($randomString, 0, $length);
   
   return $randomString;
}

// Generate a random string of length 6
$randomString = generateRandomString(6);
echo $randomString . "<br>";

// Generate a random string of length 9
$randomString = generateRandomString(9);
echo $randomString;
?>

e9c129
f5ea68a8d

Method 3 Using sha1() Function

The sha1() function generates a 40character hexadecimal hash, providing a longer base string for random selection ?

<?php
function generateRandomString($length = 10) {
   $randomString = sha1(uniqid(rand(), true));
   $randomString = substr($randomString, 0, $length);
   
   return $randomString;
}

// Generate a random string of length 10
$randomString = generateRandomString(10);
echo $randomString . "<br>";

// Generate a random string of length 7
$randomString = generateRandomString(7);
echo $randomString;
?>

5cc2152344
5e93d4b

Method 4 Using random_bytes() Function

The random_bytes() function generates cryptographically secure random bytes, making it the most secure option for sensitive applications ?

<?php
function generateRandomString($length = 10) {
   $bytes = random_bytes(ceil($length / 2));
   $randomString = substr(bin2hex($bytes), 0, $length);
   
   return $randomString;
}

// Generate a random string of length 13
$randomString = generateRandomString(13);
echo $randomString . "<br>";

// Generate a random string of length 6
$randomString = generateRandomString(6);
echo $randomString;
?>

0e3245f8ef993
8ce222

Comparison

Method Character Set Security Level Use Case
str_shuffle() Customizable Low General purpose
md5() 09, af Medium Noncritical tokens
sha1() 09, af Medium Noncritical tokens
random_bytes() 09, af High Securitycritical applications

Conclusion

For securitycritical applications, use random_bytes() as it provides cryptographically secure randomness. For general purposes with custom character sets, str_shuffle() offers the most flexibility. Choose the method based on your security requirements and desired character set.

Updated on: 2026-03-15T10:28:22+05:30

4K+ Views

Learn More in Our Tutorials

Kickstart Your Career

Get certified by completing the course

Get Started
Advertisements