PHP 随机字符串生成器
我正在尝试在 PHP 中创建一个随机字符串,但我绝对没有输出:
I'm trying to create a randomized string in PHP, and I get absolutely no output with this:
<?php
function RandomString()
{
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$randstring = '';
for ($i = 0; $i < 10; $i++) {
$randstring = $characters[rand(0, strlen($characters))];
}
return $randstring;
}
RandomString();
echo $randstring;
我做错了什么?
推荐答案
这个问题有很多答案,但没有一个利用 加密安全伪随机数生成器 (CSPRNG).
There are a lot of answers to this question, but none of them leverage a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG).
简单、安全、正确的答案是使用 RandomLib 并且不要重新发明轮子.
The simple, secure, and correct answer is to use RandomLib and don't reinvent the wheel.
对于那些坚持发明自己的解决方案的人,PHP 7.0.0 将提供 random_int()
为此目的;如果您仍在使用 PHP 5.x,我们为 random_int()
这样您甚至可以在升级到 PHP 7 之前使用新的 API.
For those of you who insist on inventing your own solution, PHP 7.0.0 will provide random_int()
for this purpose; if you're still on PHP 5.x, we wrote a PHP 5 polyfill for random_int()
so you can use the new API even before you upgrade to PHP 7.
安全生成随机整数在 PHP 中 不是一项简单的任务.在生产环境中部署本地算法之前,您应该始终与您的常驻 StackExchange 加密专家联系.
Safely generating random integers in PHP isn't a trivial task. You should always check with your resident StackExchange cryptography experts before you deploy a home-grown algorithm in production.
有了安全的整数生成器,使用 CSPRNG 生成随机字符串就像在公园里散步.
With a secure integer generator in place, generating a random string with a CSPRNG is a walk in the park.
/**
* Generate a random string, using a cryptographically secure
* pseudorandom number generator (random_int)
*
* This function uses type hints now (PHP 7+ only), but it was originally
* written for PHP 5 as well.
*
* For PHP 7, random_int is a PHP core function
* For PHP 5.x, depends on https://github.com/paragonie/random_compat
*
* @param int $length How many characters do we want?
* @param string $keyspace A string of all possible characters
* to select from
* @return string
*/
function random_str(
int $length = 64,
string $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
): string {
if ($length < 1) {
throw new RangeException("Length must be a positive integer");
}
$pieces = [];
$max = mb_strlen($keyspace, '8bit') - 1;
for ($i = 0; $i < $length; ++$i) {
$pieces []= $keyspace[random_int(0, $max)];
}
return implode('', $pieces);
}
用法:
$a = random_str(32);
$b = random_str(8, 'abcdefghijklmnopqrstuvwxyz');
$c = random_str();
演示:https://3v4l.org/IMJGF(忽略 PHP5 次失败;它需要 random_compat)
Demo: https://3v4l.org/IMJGF (Ignore the PHP 5 failures; it needs random_compat)
相关文章