As the rand() and mt_rand() functions rely on a pseudorandom number generator, they should not be used for security-critical
applications or for protecting sensitive data.
You are at risk if you answered yes to the first question and any of the following ones.
Use random_int() or random_bytes() or openssl_random_pseudo_bytes().
When using openssl_random_pseudo_bytes(), provide and check the crypto_strong parameter.
$random = rand(); // relies on a pseudorandom number generator; not for security-critical use
$random2 = mt_rand(0, 99); // same concern as rand()
$randomInt = random_int(0, 99); // Compliant; generates a cryptographically secure random integer
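
The following is an added example, not code from the original page: it shows the three recommended functions in use, including the check of the crypto_strong parameter for openssl_random_pseudo_bytes(). The helper names (opensslStrongBytes, resetToken, oneTimeCode) and the token and one-time-code use cases are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not part of PHP or any library.

/** Returns $length bytes from OpenSSL, rejecting output not flagged as strong. */
function opensslStrongBytes(int $length): string
{
    $strong = false; // filled in by reference (the crypto_strong parameter)
    $bytes = openssl_random_pseudo_bytes($length, $strong);
    // PHP 7 returns false on failure, PHP 8 throws; the check covers the former.
    if ($bytes === false || $strong !== true) {
        throw new RuntimeException('OpenSSL did not return cryptographically strong bytes');
    }
    return $bytes;
}

/** Hex-encoded token, e.g. for a password-reset link (constructed use case). */
function resetToken(int $numBytes = 32): string
{
    // random_bytes() throws if no secure source of randomness is available,
    // so there is no silent fallback to weak output.
    return bin2hex(random_bytes($numBytes));
}

/** Six-digit one-time code; random_int() is uniform over the inclusive range. */
function oneTimeCode(): string
{
    return str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
}

echo resetToken(), PHP_EOL;                     // 64 hex characters
echo oneTimeCode(), PHP_EOL;                    // 6 digits, leading zeros kept
echo bin2hex(opensslStrongBytes(16)), PHP_EOL;  // 32 hex characters
```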