PHP RFC: Deprecate uniqid()
- Version: 0.1
- Date: 2017-05-24
- Author: Niklas Keller, firstname.lastname@example.org
- Status: Under Discussion
- First Published at: http://wiki.php.net/rfc/deprecate-uniqid
uniqid(), against all expectations from the name, doesn't produce unique IDs. While there is a
sleep() to prevent multiple duplicate IDs in the same process, there's no such guarantee and even a rather high probability of duplicate IDs with more processes or even multiple servers. This is due to
uniqid() being time based and adding only insufficient random.
This RFC proposes to emit deprecation warnings for any usage of
uniqid(). Current usages should be replaced with either
bin2hex(random_bytes(16)) (or any other encoding of choice) or an UUID implementation.
Backward Incompatible Changes
All BC breaks are intentional and outlined in the RFC.
Proposed PHP Version(s)
Deprecation notice in PHP 7.3 and removal in PHP 8.0.
Proposed Voting Choices
Simple yes / no vote with 2/3 majority.
Maybe a second vote for skipping removal in PHP 8.0 and delaying it to a later RFC.
Patches and Tests