I've got to concur with using the auto_increment feature of the database to determine the unique ID rather than trying to solve this in Perl from the most recent query. The database app is able to avoid the race condition of two users creating accounts at the same time with both instances coming up with the same number. Listen to Your Mother. Security by obscurity is mostly self-delusion. If user 24000 is able to access someone else's information by typing 24001 in the URL where they see their 24000, then your security problem isn't that 24001 is easy to guess, it's that your guard is down.