
php uploads $_FILES[FileName]["tmp_name"] uniqueness


I can't find specific information as to the uniqueness of $_FILES["FileName"]["tmp_name"].

From: http://php.net/manual/en/reserved.variables.files.php I see that 6 hex characters are what make the file name unique. e.g. /tmp/php/php6hst32

From local testing (XAMPP | WIN 7) I see only 4 hex characters e.g. \tmp\phpCC07.tmp

This would suggest a min uniqueness of 1 in 65536 which doesn't seem that unique to me.

Where is this set within PHP? (it's not in php.ini). Is it hard coded or can it be configured?

I realise that a clash could only happen within a brief period since the file should last only the duration of the script but these odds don't offer the comfort I was expecting.


Solution

  • The files are guaranteed to be unique. PHP uses GetTempFileName() on Windows and mkstemp() or mktemp() on Linux.

    GetTempFileName() produces filenames of the format <prefix>XXXX. (This is what you see with XAMPP)

    mkstemp() and mktemp() produce filenames of the format <prefix>XXXXXX. (This is what was in the docs)

    These are not configurable, they are set by the system's standard C library. The system guarantees that the filenames that are generated are unique. If the system is unable to create a unique filename, the function call returns an error status to PHP which in turn raises an E_WARNING: "File upload error - unable to create a temporary file".

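The mkstemp() behaviour the answer relies on, as an added example that is not part of the original answer or of PHP's source: it creates many files from one template, confirms every name is distinct, and shows the error return that PHP would turn into its E_WARNING. The "php" prefix, the /tmp directory and the missing directory name are assumptions chosen for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define MAX_FILES 64

/* Create n temp files from one template; return how many distinct names
 * mkstemp() produced, or -1 if any call failed. */
int count_unique_tempfiles(const char *dir, int n)
{
    static char names[MAX_FILES][256];
    int created = 0, distinct = 0;

    if (n > MAX_FILES) n = MAX_FILES;
    for (; created < n; created++) {
        /* "php" prefix mirrors the names quoted in the question (assumption). */
        snprintf(names[created], sizeof names[created], "%s/phpXXXXXX", dir);
        /* Common C libraries implement mkstemp() as an exclusive create
         * (O_CREAT|O_EXCL) that picks a new suffix whenever the name exists. */
        int fd = mkstemp(names[created]);
        if (fd < 0) break;
        close(fd);  /* the file stays on disk, so its name remains taken */
    }
    for (int i = 0; i < created; i++) {
        int dup = 0;
        for (int j = 0; j < i; j++)
            if (strcmp(names[i], names[j]) == 0) dup = 1;
        if (!dup) distinct++;
    }
    for (int i = 0; i < created; i++) unlink(names[i]);
    return created == n ? distinct : -1;
}

/* Return the errno mkstemp() reports when no file can be created in dir. */
int mkstemp_errno(const char *dir)
{
    char path[256];
    snprintf(path, sizeof path, "%s/phpXXXXXX", dir);
    int fd = mkstemp(path);
    if (fd >= 0) { close(fd); unlink(path); return 0; }
    return errno;
}

int main(void)
{
    printf("distinct names: %d of %d\n", count_unique_tempfiles("/tmp", MAX_FILES), MAX_FILES);
    printf("missing dir: %s\n", strerror(mkstemp_errno("/nonexistent-example-dir")));
    return 0;
}
```

Uniqueness here comes from the exclusive create against the files that already exist, not from the number of random characters in the suffix.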