PHP crc32() Function

Beginner
⏱️ 8 min read
📚 Updated: Jul 2026
🎯 5 Examples
String Functions

What You’ll Learn

The crc32() function computes a 32-bit CRC checksum of a string—a fast fingerprint used to detect accidental data changes. It returns an integer and is ideal for integrity checks, not for passwords or cryptographic hashing.

01

CRC32 Checksum

32-bit data fingerprint.

02

One Parameter

Pass string to hash.

03

Returns int

Integer checksum value.

04

Hex Display

Use dechex() or sprintf.

05

Fast Checks

Detect data corruption.

06

Not Crypto

Use hash() for security.

Definition and Usage

In PHP, crc32() generates the cyclic redundancy checksum of a string using the standard 32-bit CRC polynomial. The same input always produces the same checksum, and even a one-character change produces a different value—making it useful for spotting accidental corruption during transmission or storage.

💡
Beginner Tip

Think of crc32() as a quick “did this data change?” check—like a lightweight fingerprint. For passwords, API tokens, or anything an attacker might tamper with, use hash('sha256', $data) or password_hash() instead.

📝 Syntax

The crc32() function accepts one string parameter:

PHP
int crc32(string $string)

Parameters

  • $string — the data to checksum. Can be text or binary bytes.

Return Value

Returns the CRC32 checksum as a 32-bit integer. On 64-bit PHP installations the result is always positive. On 32-bit systems, large values may appear as negative integers—use sprintf("%u", $crc) for the unsigned decimal representation.

⚡ Quick Reference

Checksum
crc32($data)

Integer CRC32 value

Unsigned dec
sprintf("%u", crc32($d))

Always positive decimal

Hex string
dechex(crc32($d))

Lowercase hex (pad to 8)

Via hash()
hash("crc32b", $d)

8-char hex string

Examples Gallery

Run these examples in PHP 7+. Each demonstrates a common pattern beginners encounter with crc32().

📚 Getting Started

Calculate and display a CRC32 checksum.

Example 1 — Basic CRC32 Checksum

The simplest usage: pass a string and print the integer checksum.

PHP
<?php
$data = "Hello, PHP!";
$crc  = crc32($data);

echo "CRC32 of '$data': $crc\n";
?>

How It Works

Every byte in the string contributes to the final 32-bit value. The same string always produces 2195065251 on 64-bit PHP.

Example 2 — Display Unsigned Decimal and Hexadecimal

Format the checksum for logs, databases, or comparison with external tools that expect hex strings.

PHP
<?php
$data = "The quick brown fox jumped over the lazy dog.";
$crc  = crc32($data);

echo "Raw int:    $crc\n";
echo "Unsigned:   " . sprintf("%u", $crc) . "\n";
echo "Hex:        " . str_pad(dechex($crc), 8, "0", STR_PAD_LEFT) . "\n";
echo "Via printf: ";
printf("0x%08x\n", $crc);
?>

How It Works

  • sprintf("%u", $crc) forces unsigned decimal display on 32-bit PHP.
  • dechex() converts to hex; pad to 8 characters for a full 32-bit representation.
  • Hex is the most common format when comparing with zip files or network protocols.

📈 Practical Patterns

Integrity checks, hash() comparison, and security guidance.

Example 3 — Verify Data Integrity

Store a checksum when saving data, then recompute and compare when reading it back.

PHP
<?php
$payload  = "user=42&action=save";
$stored   = crc32($payload);  // saved alongside data

// Later, after transmission or storage...
$received = "user=42&action=save";
$check    = crc32($received);

if ($check === $stored) {
    echo "Integrity OK — data unchanged.\n";
} else {
    echo "Integrity FAIL — data was modified.\n";
}

// One character change breaks the match:
$tampered = "user=42&action=save!";
echo "Tampered match: " . (crc32($tampered) === $stored ? "yes" : "no") . "\n";
?>

How It Works

CRC32 detects accidental corruption quickly. It is not tamper-proof—an attacker who knows the algorithm can craft data with the same checksum.

Example 4 — crc32() vs hash("crc32b")

The hash() function can produce the same CRC32 checksum as an 8-character hex string.

PHP
<?php
$data = "Hello, PHP!";

$intCrc = crc32($data);
$hexPad = str_pad(dechex($intCrc), 8, "0", STR_PAD_LEFT);
$hashCrc = hash("crc32b", $data);

echo "crc32() int:     $intCrc\n";
echo "dechex padded:   $hexPad\n";
echo "hash('crc32b'):  $hashCrc\n";
echo "Match:           " . ($hexPad === $hashCrc ? "yes\n" : "no\n");
?>

How It Works

hash("crc32b", $data) is portable and returns hex directly—useful when integrating with tools that expect string hashes rather than integers.

Example 5 — CRC32 vs SHA-256 (Security Comparison)

Understand why CRC32 is for integrity checks, while SHA-256 is for cryptographic hashing.

PHP
<?php
$data = "CodeToFun";

$crc  = crc32($data);
$sha  = hash("sha256", $data);

echo "CRC32 (int):     $crc\n";
echo "CRC32 length:    " . strlen((string) $crc) . " digits (32-bit)\n";
echo "SHA-256:         $sha\n";
echo "SHA-256 length:  " . strlen($sha) . " hex chars (256-bit)\n";

// CRC32 is fast; SHA-256 is slower but cryptographically strong
echo "\nUse CRC32 for:   file download checks, cache keys\n";
echo "Use SHA-256 for: passwords, signatures, API tokens\n";
?>

How It Works

CRC32 has only 232 possible values, so collisions are inevitable for large datasets. SHA-256 provides vastly stronger collision resistance for security-sensitive applications.

🚀 Common Use Cases

  • File download verification — compare CRC32 of downloaded content against a published checksum.
  • Cache keys — generate short, deterministic keys from string content with crc32($key).
  • Network integrity — detect accidental bit flips during data transmission.
  • Duplicate detection — quick first-pass comparison before a deeper equality check.
  • Zip and archive formats — CRC32 appears in ZIP file headers and many binary formats.

🧠 How crc32() Works

1

PHP reads the input string

You pass text or binary data. Every byte in the string will be processed.

Input
2

CRC polynomial is applied

PHP runs the standard 32-bit CRC algorithm over all bytes, producing a compact checksum value.

Transform
3

32-bit integer is returned

The result fits in 32 bits. Format it as unsigned decimal or hex when storing or displaying.

Output
=

Data fingerprint

Compare later to verify the string has not changed.

📝 Notes

  • CRC32 is not suitable for passwords, digital signatures, or tamper-proof security.
  • On 32-bit PHP, use sprintf("%u", crc32($s)) to avoid negative integer display.
  • Empty string "" produces CRC32 value 0.
  • hash("crc32b", $s) returns the same checksum as hex—often easier for storage and comparison.
  • For cryptographic needs, use hash("sha256", $data) or stronger algorithms.

Conclusion

The crc32() function provides a fast, simple checksum for detecting accidental data changes. It returns a 32-bit integer that you can format as unsigned decimal or hexadecimal for storage and comparison.

Use it for integrity checks and cache keys; reach for hash() with SHA-256 or stronger when security matters.

💡 Best Practices

✅ Do

  • Use sprintf("%u", $crc) for portable unsigned display
  • Pad hex output to 8 characters with str_pad(dechex($crc), 8, "0", STR_PAD_LEFT)
  • Use CRC32 for quick corruption detection
  • Consider hash("crc32b") when you need a hex string directly
  • Pair with stronger hashes when both speed and security are needed

❌ Don’t

  • Use CRC32 for password storage or authentication tokens
  • Assume CRC32 prevents intentional tampering
  • Compare raw integers across 32-bit and 64-bit PHP without formatting
  • Rely on CRC32 alone for large-scale uniqueness (collisions exist)
  • Confuse CRC32 with MD5 or SHA cryptographic hashes

Key Takeaways

Knowledge Unlocked

Five things to remember about crc32()

Use these points whenever you compute checksums in PHP.

5
Core concepts
📈 02

Format Output

sprintf / dechex.

Display
🔄 03

hash("crc32b")

Hex string version.

Alternative
📧 04

Integrity Checks

Detect corruption.

Use case
05

Not Crypto

Use SHA-256 instead.

Security

❓ Frequently Asked Questions

crc32() calculates a 32-bit CRC (Cyclic Redundancy Check) checksum of a string and returns it as an integer. It is commonly used for quick data integrity checks, not for cryptographic security.
int crc32(string $string). Pass the data to checksum and receive a 32-bit integer. On 64-bit PHP the result is always a positive integer; on 32-bit systems it may appear negative.
PHP integers are signed. On 32-bit platforms, CRC values above 2^31-1 display as negative numbers even though the underlying checksum is valid. Use sprintf('%u', $crc) for the unsigned decimal string, or dechex($crc) for hexadecimal.
No. CRC32 is designed for error detection, not cryptography. It is fast but vulnerable to collisions and intentional manipulation. Use hash('sha256', $data) or password_hash() for security.
Both compute the same CRC32 polynomial. crc32() returns an integer; hash('crc32b', $data) returns an 8-character lowercase hex string equivalent to str_pad(dechex(crc32($data)), 8, '0', STR_PAD_LEFT).
Use it for quick checksums when verifying file downloads, detecting accidental data corruption, or building simple cache keys. Avoid it when security or strong collision resistance is required.

Explore More PHP String Functions

Continue with crypt(), explode(), and the rest of the string function reference.

Next: crypt() →

About the author

Mari Selvan M P
Mari Selvan M P 🔗

Developer, cloud engineer, and technical writer

  • Experience 12 years building web and cloud systems
  • Focus Full Stack Development, AWS, and Developer Education

I write practical tutorials so students and working developers can learn by doing—from databases and APIs to deployment on AWS.

6 people found this page helpful