Better
random source for uniqid()
Computer programs frequently need unique identifiers. Quite often, an autoincrement index of the database is used. But what if you do not have a database at hand, because you are writing a standalone script?
Even though PHP has a built-in function uniqid() to
create unique values (or identifiers), you should be aware that they
should never be used for cryptography, and are not really guaranteed
to be unique. If you require unique identifiers, you should look
into the UUID (Universally Unique Identifier) standard. Generating a
UUID, however, requires an external library or operating system
functionality, and technically there is still no guarantee that
there are no collisions. Collisions are extremely unlikely, but
technically they can still happen.
Sometimes you just need a quick and easy unique identifier. In
that case, you can use uniqid(). In PHP 7, the source
of randomness that is used internally to generate those unique
identifiers has been changed and collisions are now less likely.
Still, bear in mind to not use those so-called unique identifiers
for cryptography!