uniqid() in PHP generates a unique ID based on the current timestamp in microseconds. Is that really a foolproof way to generate a unique ID?
Even assuming there's a single user running a single script with a loop generating a timestamp in microseconds, can there still really be a theoretical guarantee that it's unqiue? And in practice, is the likelihood completely negligible?
For clarity, say your loop is nothing more than this:
foreach($things as $thing){
var_dump(microtime());
}
is there any theoretical chance it might not be unique and, if so, how realistic is it in practice?
It will be unique and if same timestamp insert/update came, can be ignored or override with no problem.
Time including microseconds is useful for generating unique IDs. When combined with the current process ID, it guarantees a unique ID, as long as a process doesn't generate more than one ID per microsecond: list($microseconds,$seconds) = explode(' ',microtime()); $id = $seconds.
Basically all you need to do is use the atomic counter value to add addition fixed width precision to your timestamp.
Microsecond based ids are only guaranteed to be unique within limits. A single threaded scripts on a single computer is probably pretty safe in this regard. However, as soon as you start talking about parallel execution, be that simply on multiple CPUs within the same machine or especially across multiple machines, all bets are off.
So it depends on what you want to use this id for. If you're just using it to generate an id which is used only within the same script, it's probably safe enough. For example:
<?php $randomId = uniqid(); ?>
<div id="<?php echo $randomId; ?>"></div>
<script>
var div = document.getElementById('<?php echo $randomId; ?>');
...
</script>
You very likely won't encounter any problems here with this limited use.
However, if you start generating file names using uniqid
or other such uses which are shared with other external scripts, I wouldn't rely on it. For filenames, using a hash based on the file contents may be a good idea. For general purpose decentralised randomly generated ids, UUIDs are a good fit (because they've been designed for this purpose).
Ask yourself why you need uniqid in the first place. For instance, I use uniquid as the filename of uploads to my website. There can be any number of users who upload at the same time so what I am concerned with is two or more files having the same id, BUT I know that a single user can only upload one file at a time. So, I prepend the username in front and will always have uniqueness.
echo uniqid('username-'); // username-5621e3335ac0c
Of course, you should always ask yourself if you need to use uniquid in the first place. If you know the reason you are creating the id can only happen every x seconds, minutes, etc then you can create an id the same way just use time :
echo 'username-'.time(); // username-1445062025
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With