uniqid() in PHP generates a unique ID based on the current timestamp in microseconds. Is that really a foolproof way to generate a unique ID?
Even assuming there's a single user running a single script with a loop generating a timestamp in microseconds, can there still really be a theoretical guarantee that it's unique? And in practice, is the likelihood completely negligible?
For clarity, say your loop is nothing more than this:
    foreach ($things as $thing) {
        var_dump(microtime());
    }
Is there any theoretical chance it might not be unique and, if so, how realistic is it in practice?
Ask yourself why you need uniqid in the first place. For instance, I use uniqid as the filename of uploads to my website. There can be any number of users who upload at the same time, so what I am concerned with is two or more files having the same id, BUT I know that a single user can only upload one file at a time. So, I prepend the username in front and will always have uniqueness.
Of course, you should always ask yourself if you need to use uniqid in the first place. If you know the reason you are creating the id can only happen every x seconds, minutes, etc., then you can create an id the same way, just use time:
Microsecond-based ids are only guaranteed to be unique within limits. A single-threaded script on a single computer is probably pretty safe in this regard. However, as soon as you start talking about parallel execution, be that simply on multiple CPUs within the same machine or especially across multiple machines, all bets are off.
So it depends on what you want to use this id for. If you're just using it to generate an id which is used only within the same script, it's probably safe enough. For example:
You very likely won't encounter any problems here with this limited use.
However, if you start generating file names using uniqid or other such uses which are shared with other external scripts, I wouldn't rely on it. For filenames, using a hash based on the file contents may be a good idea. For general purpose decentralised randomly generated ids, UUIDs are a good fit (because they've been designed for this purpose).
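An added example, not code from any of the posts above: it counts repeated values when microtime() is called in a tight loop like the one in the question, and shows the two alternatives the last answer names, a content-hash filename and a random (version 4) UUID. The function names count_duplicates, uuid_v4 and content_filename are hypothetical, and the sample upload is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: call $gen $n times and count values already seen.
function count_duplicates(callable $gen, int $n): int
{
    $seen = [];
    $dupes = 0;
    for ($i = 0; $i < $n; $i++) {
        $v = $gen();
        if (isset($seen[$v])) {
            $dupes++;
        }
        $seen[$v] = true;
    }
    return $dupes;
}

// Hypothetical helper: RFC 4122 version 4 UUID built from 16 CSPRNG bytes.
function uuid_v4(): string
{
    $b = random_bytes(16);
    $b[6] = chr((ord($b[6]) & 0x0f) | 0x40); // set version nibble to 4
    $b[8] = chr((ord($b[8]) & 0x3f) | 0x80); // set RFC 4122 variant bits
    return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($b), 4));
}

// Hypothetical helper: name a stored file after the SHA-256 of its content,
// so identical content maps to the same name and different content does not.
// $ext is assumed to come from a server-side allow-list, not from the client.
function content_filename(string $path, string $ext): string
{
    $hash = hash_file('sha256', $path);
    if ($hash === false) {
        throw new RuntimeException("cannot read $path");
    }
    return $hash . '.' . $ext;
}

// The duplicate count for microtime() depends on clock resolution and CPU speed.
$n = 100000;
printf("microtime(): %d duplicates in %d calls\n", count_duplicates('microtime', $n), $n);
printf("uuid_v4():   %d duplicates in %d calls\n", count_duplicates('uuid_v4', $n), $n);

// Constructed sample upload, written to a temp file and removed afterwards.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "constructed sample upload\n");
echo content_filename($tmp, 'txt'), "\n";
unlink($tmp);
```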