3

I've been using this to generate a random 12-character string:

    //  lost-in-code.com/programming/php-code/php-random-string-with-numbers-and-letters
    $ch = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@$%^&(){}[]+=-_/?|*#";
    $sc = "";
    for ($p = 0; $p < 12; $p++) {
        $sc .= $ch[mt_rand(0,82)];  // 83 is the strlen of characters
    }

It turns out that in practice it can include a space in the string. This was not expected!

Why would it be? Does it treat the underscore as a space? It's been causing random (and until now, untraceable) bugs.

Thanks.

13
  • $ch is not an array and space is not included in $ch. Um... Commented May 15, 2012 at 10:05
  • @ShivanRaptor $string[3] maps to specific characters in a string. Commented May 15, 2012 at 10:06
  • 2
    Just tested the above code. No spaces. Commented May 15, 2012 at 10:06
  • I ran it 10k times. No spaces (` `)! Commented May 15, 2012 at 10:10
  • 1
    I think you should show your full code that shows space Commented May 15, 2012 at 10:17

4 Answers

2

At a guess (not tested), change the quotes around the $ch string to single quotes. Stops the braces from being "evaluated".


Edit:

Just to update after some testing - it's NOT converting "as is" - so there's something else in the code that's causing problems. Just ran it over 100,000 times without spaces.

Still put as single quotes to rule that issue out (you may have other variables that are getting evaluated) but that alone is not the issue.

Danger characters are described here


4 Comments

I agree, it could be that $% is being evaluated, either escape that character or use single quotes
Use single quote for $ch to avoid parsing of its contents.
No it does not evaluate $%. I have tested.
So what are the danger characters in the string, then? It gets passed as JSON, for instance, so I've considered killing braces anyway.
1

Your function looks good. I think that the possible scenario is that you apply some decoding function on the resulting string later in the code. For example "M0i/%20=3ia5" after urldecode will look like "M0i/ =3ia5".

3 Comments

What if I saved one as a cookie? (I do.) Would that mess it up? What characters should I avoid using?
Normally all cookies are urlencoded when sent to browser and urldecoded back in PHP. I don't think that this is an issue.
Another thought: Do you use setrawcookie() to set cookie and $_COOKIE array when reading cookies? If yes - you got the bug.
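
An added example, not code from the thread, illustrating this answer and its comments: `urldecode()` rewrites `%XX` sequences and also turns `+` into a space, and the question's alphabet contains both `%` and `+`, so a token that is decoded without having been encoded first (the `setrawcookie()` / `$_COOKIE` case raised above) can come back with a space. The function and constant names are hypothetical, and `random_int()` is swapped in for `mt_rand()` since the value is stored in a cookie.

```php
<?php
// Added example, not code from the thread. Function and constant names are hypothetical.

// The question's 83-character alphabet; it contains '+' and '%'.
const ORIGINAL_ALPHABET = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@$%^&(){}[]+=-_/?|*#';
// Letters, digits, '-' and '_': urlencode() and urldecode() leave these unchanged.
const URL_SAFE_ALPHABET = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_';

function randomToken(string $alphabet, int $length = 12): string
{
    $max = strlen($alphabet) - 1;
    $token = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() (PHP 7+) draws from the OS CSPRNG, unlike mt_rand().
        $token .= $alphabet[random_int(0, $max)];
    }
    return $token;
}

// Generate $trials tokens and count how many change, or gain a space,
// after one urldecode() pass (what an unencoded value goes through on read-back).
function decodeDamage(string $alphabet, int $trials = 10000): array
{
    $altered = 0;
    $withSpace = 0;
    for ($i = 0; $i < $trials; $i++) {
        $token = randomToken($alphabet);
        $decoded = urldecode($token);
        $altered += (int) ($decoded !== $token);
        $withSpace += (int) (strpos($decoded, ' ') !== false);
    }
    return ['altered' => $altered, 'with_space' => $withSpace];
}

// Constructed samples: "%20" and '+' both decode to a space, "%41" decodes to 'A'.
foreach (['M0i/%20=3ia5', 'aB3+xY9/kQ2#', 'Zk%41bc_-09Q'] as $sample) {
    printf("%-12s -> '%s'\n", $sample, urldecode($sample));
}

foreach (['original' => ORIGINAL_ALPHABET, 'url-safe' => URL_SAFE_ALPHABET] as $name => $alphabet) {
    $r = decodeDamage($alphabet);
    printf("%-8s alphabet: %d altered, %d with a space (of 10000)\n", $name, $r['altered'], $r['with_space']);
}
```

A 12-character token from the original alphabet contains at least one `+` with probability 1 − (82/83)^12, roughly 13.5%, which fits an intermittent bug that never shows up when the generator is tested on its own.
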
1

You could end up generating html entities. Imagine if your code generated &nbsp or &#160 for example, a space would appear in the string.


1

Why not just use:

    $length = 12;
    $randomString = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, $length);
    echo $randomString;

1 Comment

Interesting. Have you tested which is faster?
