Do you need to check that a 40-char random string has collisions? Do you have an astonishing number of unique strings to deal with? I'm just thinking of your example 40 random alphanum chars the number of possibilities is ([a-z] * [A-Z] * [0-9]) ^ 40 == (26 * 26 * 10) ^ 40 == a huge number :

86106723393064612671464632171892202664634613760000000000000000000000\
000000000000000000

Just seems a little overkill for something that remote - I can see the use for maybe a 4-digit one or something? Just wondering what your use-case is really (say instead of a uuid or sha* hash) :-)

@sunergetic @ohffs if you want to ensure 99.999% unique string you can do something like:

• generate random 60 characters
• append the microtime function's result to it
• run it through a hashing algorithm such as md5/sha1/etc
• pad the string to the desired amount

The change to get a collision here is so small as you can safely assume there isn't such a string. Adding the microtime results here AND padding it again basically ensures that

@kfirba I know - that's why I was asking what the use case was rather than using a hash function ;-)

Why not unsing Uuids? https://github.com/webpatser/laravel-uuid

@kfirba @ohffs The function creates a unique string to store in the database, similar to the validation unique:users,email. Because it validates the result in the database, it is guarantueed that the output is 100% unique, because no assumations are made.

For my use case anything below 100% chances of being unique is a no-no. Over time ID's maybe re-generated.

@dpde uuids are probably great, but for my use-case i don't need any non-alpha numeric characters

Here are some sample outputs for my use case:

RdWITIZE4jyJAnZcGhhbtJKEKniPxw2WQGErXqna
wZKl3vokGcOo60j37rWauS8jIZC9JeuXEQb4hwfV
mk8h94ynhQgPTYQRLocckMvYKGzFSW3LFN8vgV9K

You get the basic idea :)

@sunergetic my "solution" can be safely treated as 100% unique.

Do the math, generating 60 random characters, the collision chance is 1.596608e-228 now add the microtime() result to that - what's the chance that in 1 MS you proccessed a whole new request and generated random 60 characters? Almost impossible. now lets shorten that by running it through a fast hash function and pad it to the desired amount, another 8 characters. The change to get a collision in those 8 characters is 2.2931182e-29.

Now calculating the chance to get a collision in total, omitting the chance to get the same result from microtime (which makes the chance of collision much much much Lowe) is 3.66121e-259. Oh yea, if we want to deduct it even further, make the initial string longer than 60 characters. If you need more than 40 characters in total, that deduct the change even further. That means 0% of collision - just saying.

@sunergetic I think you're aiming for 100% where it's very hard to achieve compared to 99.99999999999999% :-) For instance if I use your code I can get two of the same "unique" strings in two requests - again it's very unlikely, but it's a chunk of code that just replicates a good hash. Eg,

GET /save
$unique_thing = unique_random('users', 'auth_token', 40);
// do some stuff
$user->auth_token = $unique_thing;
$user->save();

If two requests come in very close together during the 'do stuff' part then both could get the same unique_thing. If you see what I mean, I think the unique_random function is giving you a false sense of '100%' compared to just $unique_thing = well_known_hash_function(); which equally could get the same value, but without hitting the DB at all or giving any sense of a guarantee (beyond well understood mathematics).

@ohffs @kfirba You both have good points! I'm pretty sure that everything the human makes can be broken. For my particular use case there is no point in fixing it, because it's not broken :)