2018-05-10 16:33 GMT+02:00 Niklas Keller <m...@kelunik.com>:

> Hey,
>
> I hereby propose to deprecate uniqid(). There have been attempts to fix it
> (https://wiki.php.net/rfc/uniqid), but those were rejected during
> discussion, because there's no possible fix without breaking BC. Instead of
> a subtle BC break, this RFC favors the deprecation and moving users to
> other functions.
>
> It's to be discussed whether the function should be removed with PHP 8.0 or
> just deprecated to avoid fully breaking things where it's not strictly
> necessary. A deprecation will probably avoid most new usages, which is the
> main goal.
>
> RFC: https://wiki.php.net/rfc/deprecate-uniqid
>
> Kind Regards,
> Niklas
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>

Hello,
as a userland user of this function I do disagree with its outright removal. It has its uses. What can be done with it is drop the $more_entropy flag and make it generate at least as long strings and use random_bytes under the hood for a better random. It can also adopt a length parameter so you can vary the random part as much as you need it. You don't always need a truly random token - I have a system that uses uniqid to generate tens of thousands of tokens per request and it's actually a good thing they are time based at the start of it with a random part at the end (as I said the random part should be improved and get rid of that stupid dot when generating with $more_entropy = true).

--
Arvīds Godjuks

+371 26 851 664
arvids.godj...@gmail.com
Skype: psihius
Telegram: @psihius https://t.me/psihius
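
Added example, not part of the thread and not code from PHP or the RFC: a userland sketch of the shape the reply describes, with uniqid()'s 13 hex characters of time followed by a variable-length suffix from random_bytes() and no dot. The names `time_prefixed_id` and `id_timestamp` are hypothetical. The prefix discloses the creation time to anyone who sees the id, so only the suffix contributes unpredictability.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not a PHP core function): 13 hex chars of time,
 * in the layout uniqid() uses, then $randomBytes bytes from the CSPRNG.
 */
function time_prefixed_id(int $randomBytes = 8): string
{
    if ($randomBytes < 1) {
        throw new InvalidArgumentException('randomBytes must be >= 1');
    }
    // microtime() returns "0.usec sec"; keep the two parts separate so the
    // microseconds are not lost to float rounding.
    [$frac, $sec] = explode(' ', microtime());
    $usec = (int) round((float) $frac * 1000000);
    // 8 hex digits of seconds + 5 hex digits of microseconds, no separator.
    $prefix = sprintf('%08x%05x', (int) $sec, $usec);
    return $prefix . bin2hex(random_bytes($randomBytes));
}

/** Recover [seconds, microseconds] from an id produced above. */
function id_timestamp(string $id): array
{
    if (!preg_match('/^[0-9a-f]{13}(?:[0-9a-f]{2})+$/', $id)) {
        throw new InvalidArgumentException('not a time-prefixed id');
    }
    return [(int) hexdec(substr($id, 0, 8)), (int) hexdec(substr($id, 8, 5))];
}

// Constructed demonstration: many ids within one request. Several will share
// a microsecond prefix, so uniqueness rests on the random suffix.
$ids = [];
for ($i = 0; $i < 20000; $i++) {
    $ids[] = time_prefixed_id(8);
}
[$sec, $usec] = id_timestamp($ids[0]);
printf("unique ids: %d of %d\n", count(array_unique($ids)), count($ids));
printf("first id %s was created at %s (+%d usec)\n", $ids[0], date('c', $sec), $usec);
```

The ordering of the prefix follows the system clock, so a clock step backwards also steps the ids backwards.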