On 03/05/2020 09:54, Jakob Givoni wrote:
I'm using this function frequently, but I am ok with deprecating it as I think the name is dangerously misleading - basically, anything that mentions "unique" without saying to what, is a misnomer. However, as it's useful to have a function in core that gives you a random string with a fixed length that is unique within some well-defined boundaries, I'd like to be sure there is an easy replacement for the function when the time comes to upgrade php. Ideally something that is guaranteed to be unique within the current php process and takes the same arguments as uniqid.
I definitely think that all deprecations should come with clear guidance of either "use this instead" or "what you're doing is fundamentally wrong".
I'm not sure it needs to retain the same arguments, or even the same output format, though, just fit the same use cases. The prefix can be added trivially, and the "hex, dot, numeric" output of the "more entropy" version is not often particularly helpful.
A common suggestion is to use binhex(random_bytes($desired_length / 2)), which isn't particularly elegant, and in my experience, the main requirement is "a unique string of printable/alphanumeric characters, so limiting to [0-9a-f] is just limiting entropy for no reason.
I wonder if we could add a parameter to random_bytes, or an accompanying function, that would return only alphanumeric characters; or perhaps accept a range of characters to allow in some form.
Regards, -- Rowan Tommins (né Collins) [IMSoP] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
