On 9/9/16 4:36 AM, Arvids Godjuks wrote:
It's also useful in other cases, where using a full blown true random
source is just overkill.
Users should not hesitate to use random_bytes() or php_random_bytes() or
any of the functions that use them.
For example, my recent usage was to use the result of uniqid('', true) as a
few parameters in URL's instead of plain numeric ID. Client just wanted to
users can't do a +1 and see someone else's result page that might have a
different text or a different campaign even. And I do need to generate
those id's in bursts - 200 to 600 id's in a single action, I would imagine
generating 600 random strings of ~20 char length can be hard on the source
of the randomness, may even deplete it.
It is not possible to deplete this source of randomness.
And I expect the numbers to grow.
So, deprecating it I think is really an overreaction. It's a handy tool. It
can be used to generate filenames too, and a lot of other stuff.
My thoughts are - improve it. Yes, the standard uniqid() is a bit too
short, I have never used it without the second "true" parameter and that
dot in the middle of the string is annoying - I had to strip it out every
use case I had.
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
