Creating a really unique order id in PHP?

I am considering using this:

My idea is to use a mixture between 2 and 3. But my question is that although the chances are small, there is still a chance that two orders of the same order # could be generated if I tune the result with only 5 characters ? What about 3? 2? 1? Surely if it is 1, there is a 1 / (26 + 10) chance that the ID will be the same?


source to share

6 answers

Assuming your users are authenticated and have a user id:

$unique_id = time() . mt_rand() . $userid;


If the same user requests this page a second time in one second, there will still be a 1 in chance mt_getrandmax()

, which on my machine returns 2147483647. Perhaps you can live with that?

If your users are not authenticated, you can use a hash of your IP address if you like.



Why do you need a unique identifier?

If you want to create a unique identifier in your DB, leave it in your DB using auto increment.

Anyway, you can use a combination of microtime () and rand (). You are pretty unique.

Edit, regarding OP's comment:

You cannot have "always unique" if. Or if you find out how you will win the turing award.

Even the best math concessions leave you with the taste of "yes, but every 15645736536475 times, I'll be screwed."

The only way is to have a counter that you increment every time you need a new id. This is how DB does. Why do you need an ID before inserting?



If you are relying on a random string, then yes, it is theoretically possible that the two IDs will be the same. This is why a long random string is used to make such a possibility so unlikely to be acceptable. The probabilities can be calculated: for example, if an identifier consists of the current time (to the nearest second) and a random 5-digit alphanumeric string, and suppose 3 identifiers are generated within one second, then the coefficients of two (or more) are the same: 1 - (38 ^ 5! / (38 ^ 5-3)! / 38 ^ 5 ^ 3) = 3.79e-8. Most people would agree that such odds are not enough for practical applications, which is why the page you link to suggests 10 characters instead.

If you have a session ID, username, etc., then you can use that in your order ID to help you.



taken from PHP uniqid s manpage:

$better_token = md5(uniqid(mt_rand(), true));


although it is better to leave md5

-part out (reduces the number of tokens to 2 ^ 128)

if you are using a database then yes you should let your DBMS handle the ID generation



You can use microtime and sha256 hashing or no hashing.

 $generate_order_id  = hash('sha256', microtime() );




if you are using a database you have to let your DBMS handle the generation of identifiers.

If you want to do it yourself, there is a way ... not the best one, but it gets the job done.

First get all existing uids from db and then do a while ...

$uids_in_db = []; //<< get here the uids from id. Use array_flip so the uids to be the keys in the array ( because isset is faster than in_array )


    $uid = generate_somehow_a_random_uid();

} while ( isset( $uids_in_db[$uid]) );


This way you want to ensure that you don't have duplicate uids, and if so, then do time will create a new one.

Note: using this method, you have to make an additional query to the DB and use the function inside the loop, so this is not the fastest way ...



All Articles