In this latest post to his blog, Samer Borate talks about how not to create random strings and how, if you're not careful, it could backfire on you.
It is surprising to see how after all the code floating around people still find it hard to create random numbers. In a recent piece of code I encountered, the following was used to generate a string of random numbers. The code was written to provide a random string to be passed to a email verifier system - the type wherein a new user when he subscribes to a website needs to verify his email by clicking on a provided link.
He includes a snippet of the code that uses a call to str_shuffle on the set of numbers 1-10 to generate a random number. The only problem with the method is that, when the number gets large enough, PHP would automatically kick it into exponential format - not exactly ideal for an email link. Let this serve as a reminder for any scripts you might make that are similar.