I'm deep into a hotel reservation project. Like all typical reservation systems, I'm giving the user a "reservation confirmation" number when the reservation process has been completed.

This confirm number is based upon the users email address plus a randomly generated number.

I'm currently doing it like this:

// Split the email address at the "@'

list($username, $domain) = split('[@]', $emailAdd);

// Generate a unique confirmation number for the guest using their email username and a 4-digit random number

$confirmNumber = $username . rand(1000, 9999);

I don't know, this seems a good solution to me but I was wondering if the good (and much more experienced) folks of this group thinks that this combination would be random enough given the number of guests this particular resort gets.

The uniqueness of the confirm number is also critical as it's being used as the priamry and foreign keys for a number of tables in the database.

Interested in all opinons.

Neophyte