Is the ID generated by PHP's uniqid function really unique?

I have recently used uniqid and have questions? What does the id generated by uniqid consist of? Is it really the only one? Under what circumstances will conflicts arise?

See from the document that the uniqid function has two parameters

The structure of uniqid

Look at the source code:

PHP_FUNCTION(uniqid)
{
    ...
    gettimeofday((struct timeval *) &tv, (struct timezone *) NULL);
    sec = (int) tv.tv_sec;
    usec = (int) (tv.tv_usec % 0x100000);

    ...    if (more_entropy) {
        uniqid = strpprintf(0, "%s%08x%05x%.8F", prefix, sec, usec, php_combined_lcg() * 10);
    } else {
        uniqid = strpprintf(0, "%s%08x%05x", prefix, sec, usec);
    }

    RETURN_STR(uniqid);
}

Basically understand it clearly. uniqid is composed of four parts:

prefix + sec + usec + “.” + php_combined_lcg

where prefix is ​​the first parameter of the uniqid function. It is a string, and whatever is passed in is returned directly.

sec is the second of the current clock and usec is the millisecond, both values ​​are obtained from gettimeofday. In other words, as long as they are on one machine, the sec and usec obtained by two PHP programs in the same millisecond are the same.

php_combined_lcg is determined by the second parameter of uniqid, which is an entropy value. It uses linear congruence to generate a random number between 0 and 1. If the second parameter is true, there is this value. If the second parameter is false, there is no value.

For example:

➜  ~ php -r 'echo uniqid("my_", true);'my_5afe9b414c2141.76621929

Conclusion

So, if we simply use the uniqid() method without any parameters, this method can only guarantee a single process. are unique within the same millisecond. If using uniqid("", true). With an entropy value, it already has a random method to ensure the randomness of the generated ID. However, since linear congruence is a relatively simple algorithm for generating random numbers, the randomness may not be enough. Therefore, a more random numerical method circulated on the Internet is:

uniqid(mt_rand(), true)

Among them, mt_rand() generates random numbers. Instead of using linear congruence to generate random numbers, use the Mersenne Twister Random Number Generator (Messenne Twister Algorithm). In other words, the above id is generated by two random algorithms + timestamp. Basically, this algorithm can guarantee uniqueness to a large extent (if you want to ask about the conflict rate, it is estimated that only mathematics students can figure it out...).

The ID given above will have a period, and the length is not 128 bits. If you want to generate a uuid, you need a hash, whether it is md5 or sha1. So there is another way to generate unique codes on the Internet. (php video tutorial)

md5(uniqid(mt_rand(), true))

However, essentially, the randomness of these two methods is equal.

md5(uniqid(mt_rand(), true))-------- I personally testify that this effect is good, not heavy, but irregular----my own words

The above is the detailed content of Is the ID generated by PHP's uniqid function really unique?. For more information, please follow other related articles on the PHP Chinese website!