Here is the correct solution:
$token = bin2hex(openssl_random_pseudo_bytes(16));
# or in php7
$token = bin2hex(random_bytes(16));
More Related Contents:
- best practice to generate random token for forgot password
- Codeigniter CSRF – how does it work
- Use of Initialization Vector in openssl_encrypt
- How can I prevent SQL injection in PHP?
- SQL injection that gets around mysql_real_escape_string()
- Secure hash and salt for PHP passwords
- Do htmlspecialchars and mysql_real_escape_string keep my PHP code safe from injection?
- HTTPS and SSL3_GET_SERVER_CERTIFICATE:certificate verify failed, CA is OK
- How do I use password hashing with PDO to make my code more secure? [closed]
- How to properly add cross-site request forgery (CSRF) token using PHP
- Examples of SQL Injections through addslashes()?
- PHP: Is mysql_real_escape_string sufficient for cleaning user input?
- Unable to find the wrapper “https” – did you forget to enable it when you configured PHP?
- PHP image upload security check list
- Stop people uploading malicious PHP files via forms
- “slash before every quote” problem [duplicate]
- You must enable the openssl extension to download files via https
- PHP: How To Disable Dangerous Functions
- How to prevent multiple logins in PHP website
- a better approach than storing mysql password in plain text in config file?
- Session hijacking and PHP
- What does mysql_real_escape_string() do that addslashes() doesn’t?
- Generate cryptographically secure random numbers in php
- Session timeouts in PHP: best practices
- Secure User Image Upload Capabilities in PHP
- Set httpOnly and secure on PHPSESSID cookie in PHP
- Does PHP’s $_REQUEST method have a security problem?
- Json: PHP to JavaScript safe or not?
- Limiting user login attempts in PHP [duplicate]
- What encryption algorithm is best for encrypting cookies?