PHP随机字符串生成器比预期更随机

Question

I've been using this to gender a random 12 character string:

//  lost-in-code.com/programming/php-code/php-random-string-with-numbers-and-letters
$ch = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@$%^&(){}[]+=-_/?|*#";
$sc = "";    
for ($p = 0; $p < 12; $p++) {
    $sc .= $ch[mt_rand(0,82)];  // 83 is the strlen of characters
} 

It turns out that it in practice it can include a space in the string. This was not expected!

Why would it be? Does it treat the underscore as a space? It's been causing random (and until now, untraceable) bugs.

Thanks.

Answer 1

At a guess (not tested) change the quotes around the $ch string to single quotes. stops the braces from being "evaluated"

---

Edit:

Just to update after some testing - it's NOT converting "as is" - so there's something else in the code that's causing problems. Just ran it over 100,000 times without spaces.

Still put as single quotes to rule that issue out (you may have other variables that are getting evaluated) but that alone is not the issue.

Danger characters are described here

Answer 2

Your function looks good. I think that the possible scenario is that you apply some decoding function on the resulting string later in the code. For example "M0i/%20=3ia5" after urldecode will look like "M0i/ =3ia5".

Answer 3

You could end up generating html entities. Imagine if your code generated &nbsp or &#160 for example, a space would appear in the string.

Answer 4

Why not just use:

    $length = 12;
    $randomString = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, $length);
    echo $randomString;