Generate a 10 digit unique id every time

**Markus** · Oct 17 '07, 03:31 PM

Maybe you could pull out, of your db, all the rand IDs assigned and then evaluate them against the rand ID you're going to assign to the newly uploaded file, if the rand ID matches any; create a new one.

I'm not sure what the coding would be as i have no idea whether you can have a new rand ID generated.

Not sure..

**gamernaveen** · Oct 18 '07, 04:07 AM

Thats true ,am coding a file uploader-downloader , the user gets the unique id for his file , and whenever he wants , he enters it to download.
I'll try evaluation from the db , but was looking for a better way. I mean just like credit card numbers , every number is unique with them.

**JeremyMiller** · Oct 18 '07, 05:53 AM

If you don't want the number to be easily guessable, but with moderate security, you have 2 choices as far as I can tell:

1) Run the database id with a secret seed code through a hash function. Problem here is that hashes are usually more than 10 characters.

2) Run the database id through a function which is one-to-one. Any ole function will work, but if you make it non-linear, then you'll be doing a bit better. If it's 10 digits that you're talking about though, you only have 10,000,000,000 possible results, so if you can get a function that will return numbers less than 10 billion for all reasonable values of your user id (and pad to the left with zeroes [e.g. 1 would be the code 0000000001]), then you should be good. Oh, and the function would have to return integer results.

Let's see if I can suggest one and sound less mathematical... I'll come back to this after I do the math (have to create the inverse function too, right?)

**JeremyMiller** · Oct 18 '07, 06:50 AM

hmmm...Messing around with functions for awhile and testing inverses, I'd probably stick with a straight polynomial whose closed-form inverse is easy to find. The big pain here is that they all be integers :) Much easier if that restriction is removed.

OK. So that's in the dump, what about using letters too? You could then do the username concatenated with the download id with padding as necessary.

**Motoma** · Oct 18 '07, 01:29 PM

Why not just use the primary key (your auto-increment) field padded with zeros?

**ronverdonk** · Oct 18 '07, 04:11 PM

If you have to stick by the 10-char identifier: generate a 9 byte field and add a suffix (range 0-Z), that will make it so that you can have 36 more of the same generated id.

Code:

1. generate 9-char unique number $num
2. check if that number $num is already in database, e.g. 
    SELECT id FROM table WHERE id LIKE '$num%' ORDER BY id DESC
3 if any result: get highest id and increment by '1' (you have range '0' to 'Z')
  if no result : store record with id+'0'

Ronald

**gamernaveen** · Oct 19 '07, 08:05 AM

Originally posted by JeremyMiller

If you don't want the number to be easily guessable, but with moderate security, you have 2 choices as far as I can tell:

1) Run the database id with a secret seed code through a hash function. Problem here is that hashes are usually more than 10 characters.

2) Run the database id through a function which is one-to-one. Any ole function will work, but if you make it non-linear, then you'll be doing a bit better. If it's 10 digits that you're talking about though, you only have 10,000,000,000 possible results, so if you can get a function that will return numbers less than 10 billion for all reasonable values of your user id (and pad to the left with zeroes [e.g. 1 would be the code 0000000001]), then you should be good. Oh, and the function would have to return integer results.

Let's see if I can suggest one and sound less mathematical... I'll come back to this after I do the math (have to create the inverse function too, right?)

Wow that sounds great...

**gamernaveen** · Oct 19 '07, 08:20 AM

ronverdonk and JeremyMiller , looking forward for your replies.

**ronverdonk** · Oct 19 '07, 09:33 AM

Before going into all these methods, some simple, some rather complicated, the question is: is there any reason to have this limitation of 10 digits?

Using alpha's or extending the number of digits would make all a lot easier and you would extend your range of possible unique's significantly.

Ronald

**JeremyMiller** · Oct 19 '07, 06:31 PM

Originally posted by gamernaveen

ronverdonk and JeremyMiller , looking forward for your replies.

I did reply -- creating a one-to-one function over the integers whose inverse was also able to be expressed as a function was more work than I wanted to do. Of course, you could do something simple like y=x^2+3, but that's fairly easy to crack (the inverse for the non-mathematical is y=sqrt(x-3) and is valid as the domain is integers greater than 0. You could then pad the number with leading zeroes. I was looking for a function that's a bit more fun, though.

Originally posted by ronverdonk

Before going into all these methods, some simple, some rather complicated, the question is: is there any reason to have this limitation of 10 digits?

Using alpha's or extending the number of digits would make all a lot easier and you would extend your range of possible unique's significantly.

Ronald

I second that. If you remove the 10 digits limit, you could just return a sha1 hash of the record id joined with a secret seed code and be set to go. That's what I usually do (and sometimes I bind it to the username as well).

**Motoma** · Oct 19 '07, 08:05 PM

Originally posted by JeremyMiller

I second that. If you remove the 10 digits limit, you could just return a sha1 hash of the record id joined with a secret seed code and be set to go. That's what I usually do (and sometimes I bind it to the username as well).

Problem with SHA1 is collisions, though with a reduced character set for input, you can all but count that out.

Have you thought about using a random number, and keeping the column in your MySQL table UNIQUE? If you follow this route, and the INSERT fails, you can just create another one.

**JeremyMiller** · Oct 20 '07, 01:51 AM

I never have had any trouble with collisions using sha1 or md5. I've started to use the better hash functions available in PHP 5. Also, binding to the username helps reduce the likelihood of a problem there.

I like the idea of a random number, though! For my own code, I'll stick with hashes, though. :)

**JeremyMiller** · Oct 20 '07, 01:55 AM

Originally posted by gamernaveen

The problem is I want to generate a 10 digit unique code , which makes it simple for the user to download the file , he just has to enter the 10-digit code , and my script will deliver the file to him.

Just had a thought: Why not provide a login and link(s) to download the file? No funky codes for your end user to remember, just username and password.

Generate a 10 digit unique id every time

Generate a 10 digit unique id every time

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment