On 01/12/2015 01:31 AM, Andrea Faulds wrote:
> Hi Rasmus,
>
>> On 12 Jan 2015, at 09:06, Rasmus Lerdorf <ras...@lerdorf.com> wrote:
>>
>> Yes, there is plenty of code out there that relies on srand()+rand()
>> returning a repeatable sequence of pseudo-random numbers. I have written
>> some myself. C devs are very familiar with this behaviour of srand.
>
> C devs are also familiar with the usage of strtok, but it doesn't make an API
> with global state any less flawed.
>
> The problem with rand() and srand() is they're used for three different
> purposes, only one of which they're terribly fitting for:
>
> - To produce a non-repeatable sequence of random numbers (works OK if srand()
>   isn't used)
> - To produce a repeatable sequence of random numbers (works, but only if you
>   are the sole user of the global random number generator, which is not
>   guaranteed by any means)

Well, luckily PHP is not multi-threaded for the majority of PHP uses so you can be pretty sure you are the only user in your process. I suppose if you are in some massive framework and you have no idea what your framework is doing you could perhaps run into problems, but then you have other issues. Assuming you know what you are doing on a single request you get a guaranteed repeatable sequence of numbers and this is a super useful feature that we can't just arbitrarily kill because you think some people might use it incorrectly.

-Rasmus
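
The behaviour both messages describe, as an added example that is not code from the thread or from PHP itself: a seeded srand()/rand() sequence repeats while the caller is the only user of the global generator, and shifts as soon as other code draws from it. `library_helper()` is a hypothetical stand-in for such code, and the private-generator variant assumes PHP 8.2+ (`\Random\Randomizer`), which postdates this discussion.

```php
<?php
// Hypothetical helper standing in for framework or library code that
// draws from the global generator as a side effect.
function library_helper(): int
{
    return rand(1, 6);
}

// Seed the global generator and draw $n values, optionally letting
// another caller consume one value part-way through.
function seeded_global(int $seed, int $n, bool $withInterference): array
{
    srand($seed);
    $out = [];
    for ($i = 0; $i < $n; $i++) {
        if ($withInterference && $i === 2) {
            library_helper(); // advances the shared global state
        }
        $out[] = rand(0, 99);
    }
    return $out;
}

// Same draw from a private generator instance (PHP 8.2+): the helper
// still runs, but it only touches the global generator.
function seeded_private(int $seed, int $n): array
{
    $rng = new \Random\Randomizer(new \Random\Engine\Mt19937($seed));
    $out = [];
    for ($i = 0; $i < $n; $i++) {
        if ($i === 2) {
            library_helper();
        }
        $out[] = $rng->getInt(0, 99);
    }
    return $out;
}

$alone      = seeded_global(42, 5, false);
$aloneAgain = seeded_global(42, 5, false);
$shared     = seeded_global(42, 5, true);

// Sole user of the global generator: the sequence repeats.
var_dump($alone === $aloneAgain);
// With a second caller: identical up to the extra draw, shifted after it.
var_dump(array_slice($alone, 0, 2) === array_slice($shared, 0, 2));
var_dump(array_slice($alone, 2) === array_slice($shared, 2));
// Private state: repeatable regardless of what other code draws.
var_dump(seeded_private(42, 5) === seeded_private(42, 5));
```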