Jump to content
mds1256

How to generate unique IDs that only contains alphanumeric characters

Recommended Posts

Hi

Looking to create an ID which only contains alpha-numeric (no special chars).

I looked to generate random bytes and then encode in base64 but base64 contains = + /.

The below seems to do it but not sure if bin2hex can return non alpha numeric?

bin2hex(openssl_random_pseudo_bytes(18));

 

Edited by mds1256

Share this post


Link to post
Share on other sites

How about this:

 $characters = 'abcdefghijklmnopqrstuvwxyz0123456789';
 $string = '';
 $max = strlen($characters) - 1;
 for ($i = 0; $i < $random_string_length; $i++) {
      $string .= $characters[mt_rand(0, $max)];
 }

$random_string_length is set to the length of the desired string. If you want both upper and lower case simply add uppercase characters to $characters.

Edited by gw1500se
  • Great Answer 1

Share this post


Link to post
Share on other sites
1 hour ago, benanamen said:

 What is the real problem that you're trying to solve with this?

I am trying to generate a unique ID that I can store in the database and use as a session ID.

I could URLEncode but I have never seen session IDs with %20 etc in the ID.

Share this post


Link to post
Share on other sites

You need to elaborate more. Session IDs are usually generated automatically when you use PHP sessions and stored in cookies. There is generally no need to store them in a database unless you do not really mean session ID in the traditional sense.

Edited by gw1500se
  • Like 1

Share this post


Link to post
Share on other sites
1 hour ago, gw1500se said:

You need to elaborate more. Session IDs are usually generated automatically when you use PHP sessions and stored in cookies. There is generally no need to store them in a database unless you do not really mean session ID in the traditional sense.

I don't mean in a traditional sense, they are more like a temporary identifier that I want to use instead of an auto increment INT in the database.

Share this post


Link to post
Share on other sites

It would be much more helpful to tell us exactly what you are doing and why you are trying to do it the way you are.

Share this post


Link to post
Share on other sites
2 minutes ago, benanamen said:

It would be much more helpful to tell us exactly what you are doing and why you are trying to do it the way you are.

In the mysql sessions table I will be storing session data for a limited timeframe, (login sessions), these last no more than 1 hour max.

There will be lots and lots of login sessions and I need to pass back a session ID to the client but not using an incremental number e.g. session id 1, session id 2, session id 3.

I want to pass back a totally random session id, it also allows me to not worry about ever running out of numbers from auto increment (although using an unsigned bigint will give me over 18 quadrillion possible session address row ids). I will have a process that clears out stale sessions every hour.

Share this post


Link to post
Share on other sites
3 minutes ago, benanamen said:

What you describe is exactly what the built-in session functions do. Why is that not acceptable?

It is for a REST api and they should be stateless in respect of not sending cookies etc and I believe using php sessions generates a session on the server and sends a cookie?

Share this post


Link to post
Share on other sites

It sends nothing unless you extract the data from the cookie and sent it yourself. Cookies are stored on the client side.

Share this post


Link to post
Share on other sites
4 minutes ago, gw1500se said:

It sends nothing unless you extract the data from the cookie and sent it yourself. Cookies are stored on the client side.

But I don't want to have a cookie at all, sessions also create a session file on the server......

Share this post


Link to post
Share on other sites

Back to benanamen's question. What is your reasoning for that? Just trying to help you with best practices.

Edited by gw1500se

Share this post


Link to post
Share on other sites

You can use sessions without using cookies. It's uncommon but it's possible.

Disable session cookies. Set up a session on the first request, grabbing the ID and sending it to the client. On subsequent requests you take the ID they provide, session_id() it, and session_start() to load.

Share this post


Link to post
Share on other sites
25 minutes ago, requinix said:

You can use sessions without using cookies. It's uncommon but it's possible.

Disable session cookies. Set up a session on the first request, grabbing the ID and sending it to the client. On subsequent requests you take the ID they provide, session_id() it, and session_start() to load.

Thanks but I don’t want to use php sessions, I just need a random unique string to use as an id. I think we have gotten off topic slightly.

Share this post


Link to post
Share on other sites

You need an identifier to be able to track the user making the requests, right? That's sessions. They aren't just for people regularly browsing a site.

Share this post


Link to post
Share on other sites
14 minutes ago, ginerjm said:

May I ask why you don't want to use PHP sessions?

Hi

The front end is load balanced across servers so need to store session in db and not use php sessions

Share this post


Link to post
Share on other sites

Sessions are a concept. Not an implementation. They don't have to use cookies. They don't have to use files.

The concept you need is a unique identifier for clients so you can track them. That is what sessions do.

  • Like 1

Share this post


Link to post
Share on other sites

Rather than trying to invent your own solution to stateless REST API tokens, I would suggest you take a look at JSON Web Tokens (JWT).

Here are some resources to help you understand what they are:  https://jwt.io/

Integrating into PHP:  https://www.sitepoint.com/php-authorization-jwt-json-web-tokens/  (Don't get too caught up in the specific libraries he used.)

Another PHP Article by a PHP JWT Library author:  https://dev.to/robdwaller/how-to-create-a-json-web-token-using-php-3gml

 

 

  • Like 1

Share this post


Link to post
Share on other sites
On 12/18/2018 at 7:14 AM, gw1500se said:

How about this:


 $characters = 'abcdefghijklmnopqrstuvwxyz0123456789';
 $string = '';
 $max = strlen($characters) - 1;
 for ($i = 0; $i < $random_string_length; $i++) {
      $string .= $characters[mt_rand(0, $max)];
 }

$random_string_length is set to the length of the desired string. If you want both upper and lower case simply add uppercase characters to $characters.

Will this work for creating a random user ID that is used in the database as a guide for the user?

Share this post


Link to post
Share on other sites
On 1/1/2019 at 10:34 AM, Karaethon said:

Will this work for creating a random user ID that is used in the database as a guide for the user?

DOH! as a GUID for the user. Stupid autocorrect.

Share this post


Link to post
Share on other sites
17 minutes ago, Karaethon said:

DOH! as a GUID for the user. Stupid autocorrect.

gw1500se's code does not create GUIDs.

Share this post


Link to post
Share on other sites
1 hour ago, requinix said:

gw1500se's code does not create GUIDs.

I see, but I could use it, or some modified version of it, to make unique primary keys for my users table couldn't I? Or is there a better way?

Share this post


Link to post
Share on other sites

I've already told you what I think the better way is.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.