function generate_session_id( &$db )
{
$user_sess_id = md5( uniqid( mt_rand(), true );
try
{
$stmt = $db->prepare("SELECT COUNT(*) AS session_exists FROM sessions WHERE session_id = :session_id");
$stmt->bindParam(':session_id', $user_sess_id);
$stmt->execute();
$result = $stmt->fetch( PDO::FETCH_ASSOC );
if( $result['session_exists'] == 1 )
{
// Recursion !
generate_session_id( $db );
}
else
{
return $user_sess_id;
}
}
catch( PDOException $e )
{
die( "generate_session_id(): " . $e->getMessage() );
}
}
Is this function safe to use or are there any flaws in it? Its only purpose is to generate unique ID for each session.