Update, March 2014:

2014 年 3 月更新：

Firstly, it is important to note that uniqidis a bit of a misnomer as it doesnt guarantee a unique ID.

首先，重要的是要注意这uniqid有点用词不当，因为它不能保证唯一的 ID。

Per the PHP documentation:

根据PHP 文档：

WARNING!

This function does not create random nor unpredictable string. This function must not be used for security purposes. Use cryptographically secure random function/generator and cryptographically secure hash functions to create unpredictable secure ID.

警告！

此函数不会创建随机或不可预测的字符串。此功能不得用于安全目的。使用加密安全的随机函数/生成器和加密安全的散列函数来创建不可预测的安全 ID。

And

和

This function does not generate cryptographically secure tokens, in fact without being passed any additional parameters the return value is little different from microtime(). If you need to generate cryptographically secure tokens use openssl_random_pseudo_bytes().

此函数不会生成加密安全令牌，事实上，如果没有传递任何附加参数，返回值与microtime()几乎没有什么不同。如果您需要生成加密安全令牌，请使用openssl_random_pseudo_bytes()。

Setting more-entropy to true generates a more unique value, however the execution time is longer (though to a tiny degree), according to the docs:

根据文档，将 more-entropy 设置为 true 会生成更独特的值，但是执行时间更长（尽管程度很小）：

If set to TRUE, uniqid() will add additional entropy (using the combined linear congruential generator) at the end of the return value, which increases the likelihood that the result will be unique.

如果设置为 TRUE，uniqid() 将在返回值的末尾添加额外的熵（使用组合线性同余生成器），这会增加结果唯一的可能性。

Note the line increases the likelihood that the result will be uniqueand not that is will guaranteeuniqueness.

请注意该行，increases the likelihood that the result will be unique而不是那将保证唯一性。

You can 'endlessly' strive for uniqueness, up to a point, and enhance using any number of encryption routines, adding saltsand the like- it depends on the purpose.

您可以“无休止地”争取唯一性，直到某一点，并使用任意数量的加密例程进行增强，添加盐等 - 这取决于目的。

I'd recommend looking at the comments on the main PHP topic, notably:

我建议查看关于主要 PHP 主题的评论，特别是：

http://www.php.net/manual/en/function.uniqid.php#96898

http://www.php.net/manual/en/function.uniqid.php#96898

http://www.php.net/manual/en/function.uniqid.php#96549

http://www.php.net/manual/en/function.uniqid.php#96549

http://www.php.net/manual/en/function.uniqid.php#95001

http://www.php.net/manual/en/function.uniqid.php#95001

What I'd recommend is working out whyyou need uniqueness, is it for security (i.e. to add to an encryption/scrambling routine)? Also, Howunique does it need to be? Finally, look at the speed consideration. Suitability will change with the underlying considerations.

我的建议是弄清楚为什么你需要唯一性，是为了安全（即添加到加密/加扰例程）？此外，它需要有多独特？最后，看一下速度的考虑。适用性会随着潜在的考虑而改变。

Things are only unique if you check that they don't exist already. It doesn't matter what function you use to generate a 'random' string, or ID - if you don't double check that it isn't a duplicate, then there's always that chance.. ;)

只有当您检查它们不存在时，事物才是唯一的。您使用什么函数来生成“随机”字符串或 ID 并不重要 - 如果您不仔细检查它不是重复的，那么总是有机会.. ;)

While uniqid is based on the current time, the cautionary note above still applies - it just depends on where you will be using these "unique IDs". The clue to all this is where it says "more unique". Unique is unique is unique. How you can have something which is more or less unique, is a bit confusing to me!

虽然 uniqid 基于当前时间，但上面的警告仍然适用 - 这仅取决于您将在何处使用这些“唯一 ID”。所有这一切的线索是它说“更独特”的地方。独一无二是独一无二的。你怎么能拥有或多或少独特的东西，让我有点困惑！

Checking as above, and combining all this stuff will let you end up with something approaching uniqueness, but its all relative to where the keys will be used and the context. Hope that helps!

如上所述检查，并结合所有这些东西会让你最终得到一些接近独特的东西，但这一切都与键的使用位置和上下文有关。希望有帮助！

From the discussions about the function on the PHP manual site:

来自 PHP 手册站点上有关该函数的讨论：

As others below note, without prefix and without "added entropy", this function simply returns the UNIX timestamp with added microsecond counter as a hex number; it's more or less just microtime(), in hexit form.

[...]

Also worth to note is that since microtime() only works on systems that have gettimeofday() > present, which Windows natively DOES NOT, uniqid() might yield just the single-second-resolution UNIX timestamp in a Windows environment.

正如下面的其他人所指出的，没有前缀也没有“添加熵”，这个函数简单地返回带有添加微秒计数器的 UNIX 时间戳作为十六进制数；它或多或少只是 microtime()，十六进制形式。

[...]

还值得注意的是，由于 microtime() 仅适用于具有 gettimeofday() > 存在的系统，而 Windows 本身并不适用，因此 uniqid() 在 Windows 环境中可能仅产生单秒分辨率的 UNIX 时间戳。

In other words without "more_entropy", the function is absolutely horrible and should never be used, period. Accoding to the documentation, the flag will use a "combined linear congruential generator" to "add entropy". Well, that's a pretty weak RNG. So I'd skip this function entirely and use something based on mt_randwith a good seed for things that are not security-relevant, and SHA-256 for things that are.

换句话说，如果没有“more_entropy”，该函数绝对是可怕的，永远不应该使用，句号。根据文档，该标志将使用“组合线性同余生成器”来“添加熵”。嗯，这是一个非常弱的RNG。所以我会完全跳过这个函数，并使用基于mt_rand的东西，对于与安全无关的事情，使用很好的种子，而对于安全相关的事情，使用 SHA-256。

Without the more_unique flag, it returns the unix timestamp with a microsecond counter, therefore if two calls get made at the same microsecond then they will return the same 'unique' id.

如果没有 more_unique 标志，它会返回带有微秒计数器的 unix 时间戳，因此如果在同一微秒内进行两次调用，则它们将返回相同的“唯一”ID。

From there it is a question of how likely that is. The answer is, not very, but not to a discountable degree. If you needa unique id and you generate them often (or work with data generated elsewhere), don't count on it to be absolutely unique.

从那里开始，这是一个可能性有多大的问题。答案是，不是很大，但不是打折扣的程度。如果您需要一个唯一的 id 并且经常生成它们（或使用在其他地方生成的数据），请不要指望它是绝对唯一的。

The relevant bit from the source codeis

源代码中的相关位是

if (more_entropy) {
    uniqid = strpprintf(0, "%s%08x%05x%.8F", prefix, sec, usec, php_combined_lcg() * 10);
} else {
    uniqid = strpprintf(0, "%s%08x%05x", prefix, sec, usec);
}

So more_entropyadds nine somewhat random decimal digits (php_combined_lcg()returns a value in (0,1)) - that's 29.9 bits of entropy, tops (in reality probably less as LCG is not a cryptographically secure pseudorandom number generator).

所以more_entropy添加九个有点随机的十进制数字（php_combined_lcg()返回一个值(0,1)） - 这是 29.9 位的熵，最高（实际上可能更少，因为 LCG 不是加密安全的伪随机数生成器）。