uniqid()
. It’s a PHP function that generates a unique identifier based on the current time in microseconds. I think I’ll use that.rand()
and uniqid()
are not cryptographically secure random number generators. See Scott’s answer for a secure alternative.md5(uniqid(rand(), true))
uniqid
is based on the time, and according to php.net “the return value is little different from microtime()”, uniqid
does not meet the criteria. PHP recommends using openssl_random_pseudo_bytes()
instead to generate cryptographically secure tokens.[a-f][0-9]
, but it works.crypto_rand_secure($min, $max)
works as a drop in replacement for rand()
or mt_rand
. It uses openssl_random_pseudo_bytes to help create a random number between $min and $max.getToken($length)
creates an alphabet to use within the token and then creates a string of length $length
.random_bytes($length)
and random_int($min, $max)
$key = md5(rand());
$key = md5(microtime());