Don’t use md5(microtime()). You might think it’s more secure than md5(rand()), but it isn’t.
With a decent number of tries and a method of syncing (like a clock on your website), one can predict the result of microtime() to the millisecond. This leaves only about 1000 different possible return values for microtime() to be guessed. That isn’t safe.
Just stick with md5(rand()), and if you’re lucky and rand() is backed by /dev/random you won’t even need the md5(). In both cases it will be quite a lot more secure than using microtime().
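The search space described above, as an added example that is not part of the original post. It assumes the generation time is already known to the millisecond (the post's premise); microtime_string() and candidate_tokens() are hypothetical helper names, and the token is generated locally in the same script.

```php
<?php
// Added illustration (not the post's code): how few inputs md5(microtime())
// has once the generation time is known to the millisecond.

// Rebuild the "0.uuuuuu00 sec" string that microtime() returns by default.
function microtime_string(int $sec, int $usec): string
{
    return sprintf('0.%06d00 %d', $usec, $sec);
}

// Hypothetical helper: every token md5(microtime()) could have produced
// inside one known millisecond. The map always has exactly 1000 entries.
function candidate_tokens(int $sec, int $msec): array
{
    $tokens = [];
    for ($i = 0; $i < 1000; $i++) {
        $usec = $msec * 1000 + $i;
        $tokens[md5(microtime_string($sec, $usec))] = $usec;
    }
    return $tokens;
}

// Generate a token the way the post warns against, keeping its input
// so the result can be checked locally.
$stamp = microtime();                  // e.g. "0.12345600 1700000000"
$token = md5($stamp);
[$frac, $sec] = explode(' ', $stamp);
$msec = (int) substr($frac, 2, 3);     // the three millisecond digits

$candidates = candidate_tokens((int) $sec, $msec);
printf("candidates to test : %d\n", count($candidates));
printf("token is among them: %s\n", isset($candidates[$token]) ? 'yes' : 'no');

// For contrast (an addition, not from the post): PHP 7+ random_bytes()
// draws from the operating system's CSPRNG, so a 16-byte token has 2^128
// possible values and no dependence on the clock.
$strong = bin2hex(random_bytes(16));
printf("CSPRNG token       : %s\n", $strong);
```

The md5() call does not widen the space: 1000 possible inputs can only ever produce 1000 possible tokens.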
I agree rand is better, but if you really want to use the microtime use something randomly like
$random = md5(microtime() . "confusion and fustration in modern times");
Best of both worlds.
md5(microtime().rand())
I agree with the last option. It works perfectly for me. That is md5(rand().microtime()).