Cryptographically secure and unique string in PHP

Question

I've been using

$string = bin2hex(openssl_random_pseudo_bytes(16)) . uniqid();

Because I need some string that is both crytopgrahically secure and unique. Question is: is this a naive approach? By using the result of uniqid() tacked onto the end of the string,am I giving away any information that might compromise the security of the string? I ask this because uniqid() is based on system time, and my concern is whether that could give any information away that allows an attacker to guess future outputs?

Thanks

Answer 1

You should use one from the following to generate crytopgrahically secure unique string/number,

1. bin2hex(openssl_random_pseudo_bytes(16, TRUE)); // Refer manual - (PHP 5 >= 5.3.0, PHP 7)
2. bin2hex(random_bytes(16)); // Refer manual - (PHP 7)
3. If you want to generate random number, you can use random_int(100, 999) // Refer manual - (PHP 7)