Jump to content

How to generate unique IDs that only contains alphanumeric characters


mds1256

Recommended Posts

Hi

Looking to create an ID which only contains alpha-numeric (no special chars).

I looked to generate random bytes and then encode in base64 but base64 contains = + /.

The below seems to do it but not sure if bin2hex can return non alpha numeric?

bin2hex(openssl_random_pseudo_bytes(18));

 

Link to comment
Share on other sites

How about this:

 $characters = 'abcdefghijklmnopqrstuvwxyz0123456789';
 $string = '';
 $max = strlen($characters) - 1;
 for ($i = 0; $i < $random_string_length; $i++) {
      $string .= $characters[mt_rand(0, $max)];
 }

$random_string_length is set to the length of the desired string. If you want both upper and lower case simply add uppercase characters to $characters.

Link to comment
Share on other sites

1 hour ago, benanamen said:

 What is the real problem that you're trying to solve with this?

I am trying to generate a unique ID that I can store in the database and use as a session ID.

I could URLEncode but I have never seen session IDs with %20 etc in the ID.

Link to comment
Share on other sites

1 hour ago, gw1500se said:

You need to elaborate more. Session IDs are usually generated automatically when you use PHP sessions and stored in cookies. There is generally no need to store them in a database unless you do not really mean session ID in the traditional sense.

I don't mean in a traditional sense, they are more like a temporary identifier that I want to use instead of an auto increment INT in the database.

Link to comment
Share on other sites

2 minutes ago, benanamen said:

It would be much more helpful to tell us exactly what you are doing and why you are trying to do it the way you are.

In the mysql sessions table I will be storing session data for a limited timeframe, (login sessions), these last no more than 1 hour max.

There will be lots and lots of login sessions and I need to pass back a session ID to the client but not using an incremental number e.g. session id 1, session id 2, session id 3.

I want to pass back a totally random session id, it also allows me to not worry about ever running out of numbers from auto increment (although using an unsigned bigint will give me over 18 quadrillion possible session address row ids). I will have a process that clears out stale sessions every hour.

Link to comment
Share on other sites

3 minutes ago, benanamen said:

What you describe is exactly what the built-in session functions do. Why is that not acceptable?

It is for a REST api and they should be stateless in respect of not sending cookies etc and I believe using php sessions generates a session on the server and sends a cookie?

Link to comment
Share on other sites

4 minutes ago, gw1500se said:

It sends nothing unless you extract the data from the cookie and sent it yourself. Cookies are stored on the client side.

But I don't want to have a cookie at all, sessions also create a session file on the server......

Link to comment
Share on other sites

You can use sessions without using cookies. It's uncommon but it's possible.

Disable session cookies. Set up a session on the first request, grabbing the ID and sending it to the client. On subsequent requests you take the ID they provide, session_id() it, and session_start() to load.

Link to comment
Share on other sites

25 minutes ago, requinix said:

You can use sessions without using cookies. It's uncommon but it's possible.

Disable session cookies. Set up a session on the first request, grabbing the ID and sending it to the client. On subsequent requests you take the ID they provide, session_id() it, and session_start() to load.

Thanks but I don’t want to use php sessions, I just need a random unique string to use as an id. I think we have gotten off topic slightly.

Link to comment
Share on other sites

Rather than trying to invent your own solution to stateless REST API tokens, I would suggest you take a look at JSON Web Tokens (JWT).

Here are some resources to help you understand what they are:  https://jwt.io/

Integrating into PHP:  https://www.sitepoint.com/php-authorization-jwt-json-web-tokens/  (Don't get too caught up in the specific libraries he used.)

Another PHP Article by a PHP JWT Library author:  https://dev.to/robdwaller/how-to-create-a-json-web-token-using-php-3gml

 

 

Link to comment
Share on other sites

  • 2 weeks later...
On 12/18/2018 at 7:14 AM, gw1500se said:

How about this:


 $characters = 'abcdefghijklmnopqrstuvwxyz0123456789';
 $string = '';
 $max = strlen($characters) - 1;
 for ($i = 0; $i < $random_string_length; $i++) {
      $string .= $characters[mt_rand(0, $max)];
 }

$random_string_length is set to the length of the desired string. If you want both upper and lower case simply add uppercase characters to $characters.

Will this work for creating a random user ID that is used in the database as a guide for the user?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.