0

Can anyone specify the possibilities of -

  1. Randomness?
  2. Unique?
  3. Safe and Secure to use?
  4. User shouldn't identify the next generation number or previous one? from this

substr(str_shuffle(str_repeat("0123456789abcdefghijklmnopqrstuvwxyz", 5)), 0 , 5);

found this in - Generate random 5 characters string

Purpose of this is to display it as order-id for users in eCommerce site and i shouldn't get the duplicate,predict the next or insecure for the users.

Let's assume order per days will be 10,000. Which means i need at-least 10,000 unique order-id. Is this 5-digit unique enough to go-ahead?

In least-case i can use YYMMDD-XXXXX,but prefer without date,if possible!!

Community
  • 1
  • 1
varun kumar
  • 115
  • 1
  • 12
  • 1
    You can't guarantee that it will be unique, not if it really is simply random... to guarantee uniqueness, you'll need to check against a list of previously generated values – Mark Baker Jan 01 '15 at 23:17

4 Answers4

2

Another way to generate pseudo random bytes is available in the openssl extension, official documentation here

But as mentioned before, you will always have to check if the generated random id has already been used. (and regenerate another random string until you have a unique one)

Instead, I strongly urge you to first think really hard why you would want to use random order ids. What problem are you trying to solve by not using auto-increment?

snout1979
  • 594
  • 2
  • 8
1

If you want a pseudo random number, that is unique and hard to guess, you should consider using a GUID/UUID. GUID generation libraries are available for most languages.

http://en.wikipedia.org/wiki/Globally_unique_identifier

superultranova
  • 1,294
  • 8
  • 14
1

If you truly want the output to be "unpredictable" and "unique", you will not only have to check the values against previously generated ones, but also may consider using a CSPRNG, depending on how much important the IDs are. If they are only used for naming and sorting, the normal RNG should be enough.

Note the difference between rand() and mt_rand() in PHP, the latter using the Mersenne twister, a PRNG that produces with quite enough randomness for your needs.

In any case, the 5-digits are more than sufficient for your needs, as only with numbers (0-9) you get 10 ^ 5 ( = 100k ) possibilies.

Tacticus
  • 561
  • 11
  • 24
  • Yes, i have gone thru uniqid(), sha1(), rand(), mt_rand(), md5() but again with all this,according to other posts as well people have said chances of duplicate, i just needed to know weather i have a better output with str_shuffle() and str_repeat(),because out of first 5000 numbers i hardly found a duplicate but wanted an expert suggestion to go ahead,anyways thanx for suggestion. – varun kumar Jan 02 '15 at 13:07
0

You can do both. You can have a random string that functions as the Unique ID that relates the order, cart, customer, etc tables db together. AND you can used a standard incrementing ID for the Order number that is given to the Customer. The reason to consider this -- over time it will make it much easier for the admins fulfilling the orders if the order numbers are sequential.

The best is if the final "order" record ID is not generated until the transaction has cleared or the order has really completed - then your order numbers will be sequential.

If you are generating a random string -- then you have to check the string at least once to make sure there is not a duplicate.

I was using a random string but then i changed over to datetime + microseconds + random string -- no concerns about duplicates and the unique id has some useful info.

cartalot
  • 3,147
  • 1
  • 16
  • 14