PHP RFC: Deprecate uniqid()
- Version: 0.1
- Date: 2017-05-24
- Author: Niklas Keller, email@example.com
- Status: Draft
- First Published at: http://wiki.php.net/rfc/deprecate-uniqid
uniqid(), against all expectations from the name, doesn't produce unique IDs. While there is a
sleep() to prevent multiple duplicate IDs in the same process, there's no such guarantee and even a rather high probability of duplicate IDs with more processes or even multiple servers. This is due to
uniqid() being time based and adding only insufficient random.
This RFC proposes to emit deprecation warnings for any usage of
uniqid(). Current usages should be replaced with either
random_bytes() (maybe in combination with
bin2hex() or any other encoding of their choice) or an UUID implementation of the developer's choice.
Backward Incompatible Changes
All BC breaks are intentional and outlined in the RFC.
Proposed PHP Version(s)
Deprecation notice in PHP 7.3 and removal in PHP 8.0.
Proposed Voting Choices
Simple yes / no vote with 2/3 majority.
Patches and Tests