I've been using
$string = bin2hex(openssl_random_pseudo_bytes(16)) . uniqid();
Why are you tacking uniqid to it? why not just use the first function?
With 16 bytes, there are about 34 followed by 38 zeros possibilities. For almost any application, the risk of collision is negligible. I would stick to just
From the manual:
If you need a cryptographically secure value, consider using random_int(), random_bytes(), or openssl_random_pseudo_bytes()