[eluser]ejangi[/eluser]
I kind of understand what you're wanting to do, but if it's for security reasons you really shouldn't be relying on a random string alone. Personally, I would be using a username instead of a user-ID and the photo-ID thing I personally wouldn't be too worried about. In anycase, you should be checking to see that the photo belongs to the requested user also, otherwise you'll get wierd data display bugs (Like a photo being displayed by the wrong publisher).
With your photo-sharing example, perhaps the photo-ID in the URI isn't the primary-key of the DB, but the users' photo sequence, so each user has their own photo 1, 2, 3, 4 - does that make sense??? I dunno, I just don't think I'd be that worried about people trying to jump through things sequentially.
If you really want a random ID, I'd try something like:
Code:
$id = uniqid(rand(),true);
// or even:
$md5_id = md5(uniqid(rand(),true));