Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:96446 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 61472 invoked from network); 18 Oct 2016 20:38:35 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 18 Oct 2016 20:38:35 -0000 Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender) X-PHP-List-Original-Sender: yohgaki@ohgaki.net X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp Received: from [180.42.98.130] ([180.42.98.130:41772] helo=es-i.jp) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id A7/34-40890-84886085 for ; Tue, 18 Oct 2016 16:38:34 -0400 Received: (qmail 41350 invoked by uid 89); 18 Oct 2016 20:38:28 -0000 Received: from unknown (HELO mail-qt0-f176.google.com) (yohgaki@ohgaki.net@209.85.216.176) by 0 with ESMTPA; 18 Oct 2016 20:38:28 -0000 Received: by mail-qt0-f176.google.com with SMTP id f6so3704221qtd.2 for ; Tue, 18 Oct 2016 13:38:28 -0700 (PDT) X-Gm-Message-State: AA6/9RkW7CMaRwFKHU6CYJFJmgxAGvT+KDXCmT6rMRdb/62HL272GA4/HFxaI9EWXOyjtIvoVPbf98U2iLHdqA== X-Received: by 10.237.37.197 with SMTP id y5mr2659447qtc.8.1476823102282; Tue, 18 Oct 2016 13:38:22 -0700 (PDT) MIME-Version: 1.0 Received: by 10.140.84.168 with HTTP; Tue, 18 Oct 2016 13:37:41 -0700 (PDT) In-Reply-To: <51572015-11e8-a79b-3f88-0f748c22a498@gmail.com> References: <070001d2295e$76b7d730$64278590$@belski.net> <51572015-11e8-a79b-3f88-0f748c22a498@gmail.com> Date: Wed, 19 Oct 2016 05:37:41 +0900 X-Gmail-Original-Message-ID: Message-ID: To: Rowan Collins Cc: "internals@lists.php.net" Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness From: yohgaki@ohgaki.net (Yasuo Ohgaki) Hi Rowan, On Wed, Oct 19, 2016 at 5:14 AM, Rowan Collins wrote: > On 18/10/2016 20:52, Yasuo Ohgaki wrote: >> >> Which is important? >> - uniqid() is not unique >> - Really broken system that shouldn't be used may emit error > > > Frankly, both are pretty rare cases. From the way you talk about it, > everybody who uses uniqid() will get duplicate values all the time, when in > fact, it's incredibly unlikely that anyone will even notice. > > I know when I've used it, it's for things like avoiding duplicate id > attributes on an HTML page, or varying the URL of an asset by adding a token > to the URL. It's perfectly usable as is for those situations, and I use it > with full knowledge that it has a small chance of generating colliding > values. > > I'm happy to see it improved, but I don't see any hurry, unless I'm > completely misunderstanding the chances of seeing collisions. This is reasonable discussion. I do use uniqid() for HTML id attributes. It is difficult to detect id collisions since it's not server side. (Technically it can, but it requires more resources) While it works almost always, but it should be better than now. Otherwise, I'm very uncomfortable with uniqid(). Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net