This is a short guide on how to generate a random number using PHP.

Let’s take a look at one of the simplest examples:

1 2 3 4 5 6 7 8 9 10 |
//The minimum / lowest number. $min = 0; //The max / highest number. $max = 10; //Generate a random number using the rand function. $number = rand($min, $max); //Print the result echo $number; |

In the code sample above, we used PHP’s rand function to generate a random number between 0 and 10. If we wanted a number between 1 and 10, then we’d simply change our $min variable to 1, as $min represents the lowest value that the rand function should return. If we wanted a number between 1 and 100, then we’d change $min to 1 and $max to 100. Pretty simple, right?

It is important to note that the rand function is * not cryptographically secure* and that it should not be used in any important security features. This function will return what we call a pseudo random value. A pseudo random value isn’t really random as it is often based on things such as the current date and time.

In the next example, we will use the function mt_rand instead of rand:

1 2 3 4 5 6 7 8 9 10 11 12 |
<?php //The min / smallest number. $min = 1; //The max / largest number. $max = 1000; //Generate a random number using the rand function. $number = mt_rand($min, $max); //Print the result echo $number; |

The mt_rand function is superior to rand because it uses a better randomization algorithm (Mersenne Twister Random Number Generator). In the example above, we are generating a random number between 1 and 1000.

Although the mt_rand function is more “random” than the rand function, it is still * not cryptographically secure*! This means that you should not use it in cases where an unbiased random number is absolutely critical.

It is worth noting that the mt_rand function has completely superseded the rand function as of PHP 7.1. Since 7.1. onward, rand has become an alias of mt_rand. This means that if you call the rand function, you will really be calling the mt_rand function.

## Cryptographically secure.

If you need a random number that is cryptographically secure, then you have two choices.

- If you are using PHP 7 or above, then you can use the random_int function. This function works similar to the functions we used in the code samples above.
- If you are using an older version of PHP, then you should check out the random_compat on Github, which provides PHP 5.x support for the random_int function.

Hopefully, this article managed to answer any questions that you had.

Related: Generate a random token with PHP.