I am looking into some code that was done for our basket by someone else. I intend to use similar code myself in the new web site I am writing. It is pasted below.
I realise this bit of code generates the customer transaction code. But what makes it random and unique? Why has the web designer used rand twice? Surely once would be fine!? And also how does this code always remember the codes used previously? The current site does not use MySQL. It just uses PHP in the basket but I can see no way it ensures it is unique. We have not encountered a problem with uniqueness of customer transaction numbers, so how does it make sure of this — is it just lucky — is there more that can be done — particularly as the new site does use MySQL.
This is strongly not recommended. Use an auto increment primary key on the database table that stores the transactions. With 32-bit integers, even if your system takes a transaction every second, you won’t run out of IDs for 60 years, and I imagine by that time you can rewrite to 64-bit integers and then see you in a few million years.
Random transaction IDs will, eventually, lead to a collision. Even if you use a hash function like MD5 to create the string, eventually you are going to get two data streams that create the same hash. When that happens your system will crash and it will be a royal pain in the a** to figure out why. The odds are extremely low, but they aren’t non-zero, and never underestimate Murphy’s Law.
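An added illustration of the answer above (not code from the thread or from the original basket): a birthday-bound estimate of how soon random codes collide, and a table where the database assigns the key while a UNIQUE constraint rejects duplicate random codes. SQLite stands in for MySQL here, and the table name, column names and ID-space sizes are assumptions.

```python
import math
import random
import sqlite3


def collision_probability(n_ids: int, space: int) -> float:
    """Birthday-bound estimate: chance that n_ids uniform random draws
    from `space` possible values contain at least one duplicate."""
    return 1.0 - math.exp(-n_ids * (n_ids - 1) / (2.0 * space))


def ids_for_even_odds(space: int) -> int:
    """Number of random IDs at which a duplicate becomes about 50% likely."""
    return math.ceil(math.sqrt(2.0 * space * math.log(2.0)))


def simulate(space: int, n_orders: int, seed: int = 1) -> dict:
    """Insert n_orders rows with a random code drawn from `space` values.
    The database assigns `id`; UNIQUE on random_code rejects repeats."""
    rng = random.Random(seed)  # seeded so the run is repeatable
    db = sqlite3.connect(":memory:")
    db.execute(
        """CREATE TABLE transactions (
               id INTEGER PRIMARY KEY AUTOINCREMENT,  -- assigned by the database
               random_code INTEGER NOT NULL UNIQUE    -- application-generated
           )"""
    )
    rejected = 0
    for _ in range(n_orders):
        try:
            db.execute("INSERT INTO transactions (random_code) VALUES (?)",
                       (rng.randrange(space),))
        except sqlite3.IntegrityError:
            rejected += 1  # duplicate random code caught by the constraint
    stored, distinct_ids = db.execute(
        "SELECT COUNT(*), COUNT(DISTINCT id) FROM transactions").fetchone()
    db.close()
    return {"rejected": rejected, "stored": stored, "distinct_ids": distinct_ids}


if __name__ == "__main__":
    space = 10**6  # assumed: a six-digit random code
    print("P(duplicate) after 1000 orders:", round(collision_probability(1000, space), 3))
    print("orders for ~50% chance of a duplicate:", ids_for_even_odds(space))
    print(simulate(space=100, n_orders=150))  # tiny space forces duplicates
```

Without the UNIQUE constraint the duplicate codes would be stored silently; with it, the failure surfaces at insert time where the application can handle it.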