Originally Posted by felgall
SHA1 is 20 characters long as raw binary (as would be returned from the call you have in your code with the second parameter set "true" to tell it to return raw binary).
Okay, good catch.
SHA1 is 40 characters long as a hexidecimal representation (as you'd get if you omit the second parameter or set it to false).
The 64a9b6a88d0475fd45f646314d7fd447bca11632da isn't raw binary and so didn't come from that SHA1 call - it isn't 40 characters long so it wouldn't be the value returned even if you changed the second parameter because it is too long.
Try running this, and tell me what you get...
echo sha1(19 . uniqid(mt_rand(), true));